Add context/path information to JSON-based string accesses #199
Assignees
Labels
enhancement
New feature or request
Comments
|
@vladidx would you also need the entire JSON content as an additional argument, or do you have this information from e.g. the XHR response? Adding the entire JSON string as an argument might be quite memory intensive... |
|
No, the JSON content is not needed |
|
I'm working on a fix for this which would give: as the JSON Path for the above example. Would this be sufficient? |
|
Yes, that would be already sufficient, thanks. |
|
Ooops, just checked the spec again, I guess it should be a leading |
|
👍 |
|
This is implemented with #200 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
JSON objects are often created from XHR responses and then flowing into the DOM (potentially without escaping).
It would be quite helpful to know the path/context of the tainted string within the JSON object, e.g. as part of the arguments:
Ideally, the context information would be a kind of XPath for JSON as described here.
The text was updated successfully, but these errors were encountered: