apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/dynamic_fixtures/javascript/browser_event/vuln.js
Eli Peter 991c84a1eb
Dynamic (#77)
2026-06-05 10:16:30 -05:00

21 lines
673 B
JavaScript
Raw Permalink Blame History

// Phase 13 — browser-side event handler, vulnerable.
//
// Harness spins up jsdom (js_shared::emit_browser_event), assigns
// `globalThis.document`, then calls `clickHandler(payload)`. The handler
// writes payload into innerHTML — the XSS oracle's `<script>NYX_XSS_CONFIRMED
// </script>` payload appears in the serialised DOM the harness mirrors to
// stdout.
'use strict';
// nyx-shape: browser-event
function clickHandler(payload) {
process.stdout.write('__NYX_SINK_HIT__\n');
const el = document.getElementById('out');
if (el) {
el.innerHTML = String(payload);
}
return el ? el.innerHTML : '';
}
module.exports = { clickHandler };
Reference in a new issue View git blame Copy permalink