github · cklin · Apr 24, 2025
@@ -0,0 +1,13 @@
+Filtering alerts to these ranges:
+  jquery-plugin.js:all
+  lib/package.json:all
+  lib/src/MyNode.ts:all
+  lib2/index.ts:all
+  lib2/package.json:all
+  lib2/src/MyNode.ts:all
+  main.js:1-10
+  main.js:13-16
+  main.js:18-119
+  package.json:all
+  typed.ts:all
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting |
@@ -0,0 +1,13 @@
+Filtering alerts to these ranges:
+  jquery-plugin.js:all
+  lib/package.json:all
+  lib/src/MyNode.ts:all
+  lib2/index.ts:all
+  lib2/package.json:all
+  lib2/src/MyNode.ts:all
+  main.js:1-10
+  main.js:13-15
+  main.js:17-119
+  package.json:all
+  typed.ts:all
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  main.js:(16,21)-(16,35)
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  main.js:(17,48)-(17,50)
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  main.js:16
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  main.js:17
+Wrongly included: | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(15,28)-(15,35)
+Wrongly included: | polynomial-redos.js:15:2:15:52 | tainted ... (?!`)/) | This $@ that depends on $@ may run slow on strings starting with '`_' and with many repetitions of '\t'. | polynomial-redos.js:15:41:15:43 | \s* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(15,41)-(15,43)
+Wrongly included: | polynomial-redos.js:15:2:15:52 | tainted ... (?!`)/) | This $@ that depends on $@ may run slow on strings starting with '`' and with many repetitions of '\t'. | polynomial-redos.js:15:28:15:35 | [\s\S]*? | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(17,11)-(17,12)
+Wrongly included: | polynomial-redos.js:17:2:17:30 | /^(.*,) ... ainted) | This $@ that depends on $@ may run slow on strings with many repetitions of ','. | polynomial-redos.js:17:5:17:6 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(17,5)-(17,6)
+Wrongly included: | polynomial-redos.js:17:2:17:30 | /^(.*,) ... ainted) | This $@ that depends on $@ may run slow on strings starting with ',' and with many repetitions of ',,'. | polynomial-redos.js:17:11:17:12 | .+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(25,37)-(25,56)
+Wrongly included: | polynomial-redos.js:25:2:25:68 | tainted ... (.*)$/) | This $@ that depends on $@ may run slow on strings starting with '-\t\t' and with many repetitions of '='. | polynomial-redos.js:25:63:25:64 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(25,63)-(25,64)
+Wrongly included: | polynomial-redos.js:25:2:25:68 | tainted ... (.*)$/) | This $@ that depends on $@ may run slow on strings starting with '-\t' and with many repetitions of '\t\t'. | polynomial-redos.js:25:37:25:56 | [a-zA-Z0-9+\/ \t\n]+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(30,19)-(30,22)
+Wrongly included: | polynomial-redos.js:30:2:30:32 | tainted ... /g, "") | This $@ that depends on $@ may run slow on strings starting with '?' and with many repetitions of '?'. | polynomial-redos.js:30:23:30:24 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(30,23)-(30,24)
+Wrongly included: | polynomial-redos.js:30:2:30:32 | tainted ... /g, "") | This $@ that depends on $@ may run slow on strings with many repetitions of '?'. | polynomial-redos.js:30:19:30:22 | [?]+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(36,18)-(36,19)
+Wrongly included: | polynomial-redos.js:36:2:36:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<class="!"' and with many repetitions of 'class="!"'. | polynomial-redos.js:36:35:36:36 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(36,35)-(36,36)
+Wrongly included: | polynomial-redos.js:36:2:36:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<' and with many repetitions of '<'. | polynomial-redos.js:36:18:36:19 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(37,18)-(37,19)
+Wrongly included: | polynomial-redos.js:37:2:37:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<style="!"' and with many repetitions of 'style="!"'. | polynomial-redos.js:37:35:37:36 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(37,35)-(37,36)
+Wrongly included: | polynomial-redos.js:37:2:37:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<' and with many repetitions of '<'. | polynomial-redos.js:37:18:37:19 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(38,18)-(38,19)
+Wrongly included: | polynomial-redos.js:38:2:38:38 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<href="!"' and with many repetitions of 'href="!"'. | polynomial-redos.js:38:34:38:35 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(38,34)-(38,35)
+Wrongly included: | polynomial-redos.js:38:2:38:38 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<' and with many repetitions of '<'. | polynomial-redos.js:38:18:38:19 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(53,3)-(53,8)
+Wrongly included: | polynomial-redos.js:53:2:53:28 | /(B|Y)+ ... ainted) | This $@ that depends on $@ may run slow on strings starting with 'B' and with many repetitions of 'Y'. | polynomial-redos.js:53:9:53:12 | (Y)* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(53,9)-(53,12)
+Wrongly included: | polynomial-redos.js:53:2:53:28 | /(B|Y)+ ... ainted) | This $@ that depends on $@ may run slow on strings with many repetitions of 'B'. | polynomial-redos.js:53:3:53:8 | (B|Y)+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(54,10)-(54,13)
+Wrongly included: | polynomial-redos.js:54:3:54:29 | /(B|Y)+ ... ainted) | This $@ that depends on $@ may run slow on strings with many repetitions of 'B'. | polynomial-redos.js:54:4:54:9 | (B|Y)+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(54,4)-(54,9)
+Wrongly included: | polynomial-redos.js:54:3:54:29 | /(B|Y)+ ... ainted) | This $@ that depends on $@ may run slow on strings starting with 'B' and with many repetitions of 'B'. | polynomial-redos.js:54:10:54:13 | (.)* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(75,18)-(75,19)
+Wrongly included: | polynomial-redos.js:75:2:75:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<class="!"' and with many repetitions of 'class="!"'. | polynomial-redos.js:75:35:75:36 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |
@@ -0,0 +1,3 @@
+Filtering alerts to these ranges:
+  polynomial-redos.js:(75,35)-(75,36)
+Wrongly included: | polynomial-redos.js:75:2:75:39 | tainted ... )".*>/) | This $@ that depends on $@ may run slow on strings starting with '<' and with many repetitions of '<'. | polynomial-redos.js:75:18:75:19 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value |