Taint Tracking Test Websites - Micro Benchmarks - fromCharCode-1

Description: Test the taint engine's ability on different builtins.

Source:

Type: ManuallyAdded

Code:

J$$.wrapTaint()

Sink:

Type: XSS

Code:

document.createElement('script').src

Testing Code:

* @Name: fromCharCode-1
 * @SourceType: ManuallyAdded
 * @SourceCode: J$$.wrapTaint()
 * @SinkType: XSS
 * @SinkCode: document.createElement('script').src
 */
(function() {
  // Check if J$$ exists
  if (typeof J$$ !== 'undefined' && J$$.wrapTaint) {
    let taintedValues = [74, 36, 49]; // Example ASCII values for 'J', '$', '1'
    taintedValues = J$$.wrapTaint(taintedValues);

    // Create a new script element
    let scriptEle = document.createElement('script');

    // Use fromCharCode to convert tainted values to a string
    let taintedSrc = String.fromCharCode.apply(null, taintedValues);
    // taintedSrc = String.fromCharCode(taintedValues[0], taintedValues[1], taintedValues[2]);
    // taintedSrc = String.fromCharCode.call(null, taintedValues[0], taintedValues[1], taintedValues[2]);
    // Set the src of the new script element
    scriptEle.src = `https://example.com/${taintedSrc}`;

  } else {
    console.error("J$$ is not defined or does not have wrapTaint method.");
  }
})();

Next Test