injections(html): event attributes (#4750)

injections(html): inject javascript into event attributes

Adds javascript injections to HTML `onevent` attributes.
This commit is contained in:
Benny Powers 2023-05-03 12:56:13 +03:00 committed by GitHub
parent 1e9e1492ee
commit 5e95ecaad0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -66,3 +66,10 @@
(attribute_value) @regex
] (#eq? @_attr "pattern")))
))
; <input type="checkbox" onchange="this.closest('form').elements.output.value = this.checked">
(attribute
(attribute_name) @_name
(#lua-match? @_name "^on[a-z]+$")
(#offset! @javascript 0 1 0 -1)
(quoted_attribute_value) @javascript)