@@ -118,3 +118,42 @@ rl_stdin.question('<question>', handler);
118118rl_stdin . on ( "line" , ( line ) => { // $ threat-source=stdin
119119 SINK ( line ) ; // $ hasFlow
120120} ) ;
121+
122+ // ------ browser sources ------
123+
124+ function browserSources ( ) {
125+ const loc = window . location ; // $ threat-source=browser-url
126+
127+ // Accessing the browser URL via document.location
128+ SINK ( loc ) ; // $ hasFlow
129+
130+ // Accessing the browser URL via location.href
131+ var href = loc . href ; // $ threat-source=browser-url
132+ SINK ( href ) ; // $ hasFlow
133+
134+ // Accessing the query string via location.search
135+ var search = loc . search ; // $ threat-source=browser-url-query
136+ SINK ( search ) ; // $ hasFlow
137+
138+ // Accessing the fragment via location.hash
139+ var hash = loc . hash ; // $ threat-source=browser-url-fragment
140+ SINK ( hash ) ; // $ hasFlow
141+
142+ // Accessing window.name
143+ var wname = window . name ; // $ threat-source=browser-window-name
144+ SINK ( wname ) ; // $ hasFlow
145+
146+ // Accessing message events via window.onmessage
147+ window . onmessage = function ( event ) { // $ threat-source=browser-message-event
148+ SINK ( event ) ; // $ hasFlow
149+ } ;
150+
151+ // Accessing message events via addEventListener
152+ window . addEventListener ( "message" , function ( event ) { // $ threat-source=browser-message-event
153+ SINK ( event ) ; // $ hasFlow
154+ } ) ;
155+
156+ // Test custom source
157+ const customSource = require ( 'testlib' ) . getBrowserSource ( ) ; // $ threat-source=browser
158+ SINK ( customSource ) ; // $ hasFlow
159+ }
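Review bot: The comment above the first `SINK(loc)` in `browserSources` says the URL is read via `document.location`, but the only read is `window.location` on the `const loc` line, so `document.location` is never exercised as a source in this hunk. Either reword the comment to `// Accessing the browser URL via window.location`, or add a separate case such as `const dloc = document.location; // $ threat-source=browser-url` followed by `SINK(dloc); // $ hasFlow`, if the model is meant to cover that alias. Both message-event handlers sink the whole `event` object; a case for `SINK(event.data)` would pin the property that handlers normally consume, assuming the model propagates taint to it. The function also mixes `const` and `var` for its locals, and `const` throughout would be more consistent.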