diff --git a/docs/rules/detect-html-injection.md b/docs/rules/detect-html-injection.md index 2c02d18..5e5f605 100644 --- a/docs/rules/detect-html-injection.md +++ b/docs/rules/detect-html-injection.md @@ -24,11 +24,11 @@ document.wirte("Welcome " + document.URL.substring(name, document.URL.length)); <- SINK ``` -**Source**: document.URL +**Source**: `document.URL` -**Sink**: document.write() +**Sink**: `document.write()` -**Result**: document.write(""); +**Result**: `document.write("");` The exploit will take place when visiting the following URL: @@ -43,12 +43,11 @@ Sinks: Sinks are all the DOM Properties, JavaScript functions, and other Client- Function Name | Browser | Example ------------- | ------- | ------- -document.write | All | document.write(“” + userControlledVal + “”); -document.writeln | All | document.writeln("" + userControlledVal + ""); -anyElement.innerHTML | All | divElem.innerHTML = “Hello ” + userControlledVal -anyElement.outerHTML | All | divElem.outerHTML = "
Hello " + userControlledVal -+ "
" -anyElement.insertAdjacentHTML | All | divElem.insertAdjacentHTML("",""+ userControlledVal + "");) +`document.write` | All | `document.write(“” + userControlledVal + “”);` +`document.writeln` | All | `document.writeln("" + userControlledVal + "");` +`anyElement.innerHTML` | All | `divElem.innerHTML = “Hello ” + userControlledVal` +`anyElement.outerHTML` | All | `divElem.outerHTML = "
Hello " + userControlledVal + "
"` +`anyElement.insertAdjacentHTML` | All | `divElem.insertAdjacentHTML("",""+ userControlledVal + "");)` ### Difference between document.write functions and properties like innerHTML The document.write method: @@ -115,9 +114,9 @@ var pos = document.URL.indexOf("foo=") + 4; document.write(document.URL.substring(pos, document.URL.length)); ``` -* Source: document.URL -* Sink: document.write() -* Result: document.write(“”); +* Source: `document.URL` +* Sink: `document.write()` +* Result: `document.write(“”);` The attack is possible to a Client-side level (this due to the # fragment identifier).