steve/go-extractor
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
34161209de7cdda4bc4bee7c74b0ca54d6ddd67f
go-extractor/node_test.go
Steve Dudenhoeffer 6e94bfe10f
All checks were successful
CI / build (pull_request) Successful in 47s
Details
CI / test (pull_request) Successful in 48s
Details
CI / vet (pull_request) Successful in 1m1s
Details
fix: eliminate XSS vulnerability in SetAttribute by using Playwright arg passing 
Replace string interpolation in SetAttribute with Playwright's Evaluate
argument passing mechanism. This structurally eliminates the injection
surface — arbitrary name/value strings are safely passed as JavaScript
arguments rather than interpolated into the expression string.

The vulnerable escapeJavaScript helper (which only escaped \ and ') is
removed since it is no longer needed.

Closes #12

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 16:12:46 +00:00

2 lines
18 B
Go
Raw Blame History

package extractor
Reference in New Issue View Git Blame Copy Permalink