From 30cd447f69c1bacf0451394d42c54644931167b6 Mon Sep 17 00:00:00 2001
From: Ed Minnix <egregius313@github.com>
Date: Wed, 26 Oct 2022 11:55:16 -0400
Subject: [PATCH 01/93] Java: Add class to represent
 `android.webkit.WebView#addJavascriptInterface`

---
 .../lib/semmle/code/java/frameworks/android/WebView.qll   | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll b/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll
index 8dd91f73f65..cb595e19f6f 100644
--- a/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll
@@ -39,6 +39,14 @@ class WebViewGetUrlMethod extends Method {
   }
 }
 
+/** The method `addJavascriptInterface` of the class `android.webkit.WebView` */
+class WebViewAddJavascriptInterfaceMethod extends Method {
+  WebViewAddJavascriptInterfaceMethod() {
+    this.getDeclaringType() instanceof TypeWebView and
+    this.hasName("addJavascriptInterface")
+  }
+}
+
 /**
  * A method allowing any-local-file and cross-origin access in the class `android.webkit.WebSettings`.
  */

From e1ff04cd952225bd8a9cbd8074a210b0475694a5 Mon Sep 17 00:00:00 2001
From: Ed Minnix <egregius313@github.com>
Date: Wed, 26 Oct 2022 11:55:54 -0400
Subject: [PATCH 02/93] Java: Query for
 `android.webkit.WebView#addJavascriptInterface`

---
 .../AndroidWebViewAddJavascriptInterface.ql     | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql

diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
new file mode 100644
index 00000000000..59fd195d7d0
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
@@ -0,0 +1,17 @@
+/**
+ * @id java/android-webview-addjavascriptinterface
+ * @description Exposing a Javascript interface to a Java object in a WebView can lead to malicious JavaScript controlling the application.
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 6.1
+ * @precision high
+ * @tags security
+ *       external/cwe/cwe-079
+ */
+
+import java
+import semmle.code.java.frameworks.android.WebView
+
+from MethodAccess ma
+where ma.getMethod() instanceof WebViewAddJavascriptInterfaceMethod
+select ma, "JavaScript interface to Java object added in Android WebView."

From e09f0861f319e1e9acbcddebc9d137dda0a3ee1b Mon Sep 17 00:00:00 2001
From: Ed Minnix <egregius313@github.com>
Date: Fri, 11 Nov 2022 23:00:55 -0500
Subject: [PATCH 03/93] Java: documentation for WebView#addJavascriptInterface
 query

---
 ...AndroidWebViewAddJavascriptInterface.qhelp | 40 +++++++++++++++++++
 ...dWebViewAddJavascriptInterfaceExample.java | 11 +++++
 2 files changed, 51 insertions(+)
 create mode 100644 java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.qhelp
 create mode 100644 java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterfaceExample.java

diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.qhelp b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.qhelp
new file mode 100644
index 00000000000..5cadc31d810
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.qhelp
@@ -0,0 +1,40 @@
+<!DOCTYPE qhelp PUBLIC
+ "-//Semmle//qhelp//EN"
+ "qhelp.dtd">
+<qhelp>
+  <overview>
+    <p>
+      The <code>addJavascriptInterface</code> method of
+      the <code>android.webkit.WebView</code> class allows the web pages of a
+      WebView to access methods of a Java object via JavaScript.
+    </p>
+
+    <p>
+      Objects exposed to Javascript are available in all frames of the
+      WebView.
+    </p>
+  </overview>
+
+  <recommendation>
+    <p>
+      If you need to expose Java objects with Javascript, you should guarantee
+      that no untrusted third party content is loaded into the WebView.
+    </p>
+  </recommendation>
+
+  <example>
+    <p>
+      In the following (bad) example, a Java object is exposed to Javascript.
+    </p>
+
+    <sample src="AndroidWebViewAddJavascriptInterfaceExample.java"/>
+
+  </example>
+
+  <references>
+    <li>
+      Android Documentation<a href="https://developer.android.com/reference/android/webkit/WebView#addJavascriptInterface(java.lang.Object">addJavascriptInterface</a>
+    </li>
+  </references>
+
+</qhelp>
diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterfaceExample.java b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterfaceExample.java
new file mode 100644
index 00000000000..fdb1844d025
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterfaceExample.java
@@ -0,0 +1,11 @@
+class ExposedObject {
+    @JavascriptInterface
+    public String example() {
+        return "String from Java";
+    }
+}
+
+webview.getSettings().setJavaScriptEnabled(true);
+webview.addJavaScriptInterface(new ExposedObject(), "exposedObject");
+webview.loadData("", "text/html", null);
+webview.loadUrl("javascript:alert(exposedObject.example())");

From 3b96fefc71b5bbbeb044f40be6385c54c7809108 Mon Sep 17 00:00:00 2001
From: Ed Minnix <egregius313@github.com>
Date: Tue, 15 Nov 2022 23:26:49 -0500
Subject: [PATCH 04/93] Java: Add Android stubs to options file for CWE-079
 test cases

---
 java/ql/test/query-tests/security/CWE-079/semmle/tests/options | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/options b/java/ql/test/query-tests/security/CWE-079/semmle/tests/options
index 22487fb2daf..62fc56e6792 100644
--- a/java/ql/test/query-tests/security/CWE-079/semmle/tests/options
+++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/options
@@ -1 +1 @@
-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/javax-ws-rs-api-2.1.1/:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/javax-faces-2.3/
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/javax-ws-rs-api-2.1.1/:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/javax-faces-2.3/:${testdir}/../../../../../stubs/google-android-9.0.0

From eb8ef72e477371dbd62362757a937756ec4ee46e Mon Sep 17 00:00:00 2001
From: Ed Minnix <egregius313@github.com>
Date: Tue, 15 Nov 2022 23:28:18 -0500
Subject: [PATCH 05/93] Java: addJavascriptInterface query test case

---
 .../tests/WebViewAddJavascriptInterface.expected     |  1 +
 .../semmle/tests/WebViewAddJavascriptInterface.java  | 12 ++++++++++++
 .../semmle/tests/WebViewAddJavascriptInterface.qlref |  1 +
 3 files changed, 14 insertions(+)
 create mode 100644 java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.expected
 create mode 100644 java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.java
 create mode 100644 java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.qlref

diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.expected b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.expected
new file mode 100644
index 00000000000..6974a4a8511
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.expected
@@ -0,0 +1 @@
+| WebViewAddJavascriptInterface.java:10:9:10:61 | addJavascriptInterface(...) | JavaScript interface to Java object added in Android WebView. |
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.java b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.java
new file mode 100644
index 00000000000..50fc3847705
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.java
@@ -0,0 +1,12 @@
+package com.example.test;
+
+import android.webkit.WebView;
+
+class WebViewAddJavascriptInterface {
+    class Greeter {
+    }
+
+    public void addGreeter(WebView view) {
+        view.addJavascriptInterface(new Greeter(), "greeter");
+    }
+}
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.qlref b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.qlref
new file mode 100644
index 00000000000..1161c47dda6
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewAddJavascriptInterface.qlref
@@ -0,0 +1 @@
+Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql

From 38d47d63ec92906962e25c8334ad2590d205337c Mon Sep 17 00:00:00 2001
From: Ed Minnix <egregius313@github.com>
Date: Tue, 15 Nov 2022 23:40:03 -0500
Subject: [PATCH 06/93] Java: Add change note for `addJavascriptInterface`
 query

---
 .../2022-11-15-android-webview-addjavascript-interface.md    | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 java/ql/src/change-notes/2022-11-15-android-webview-addjavascript-interface.md

diff --git a/java/ql/src/change-notes/2022-11-15-android-webview-addjavascript-interface.md b/java/ql/src/change-notes/2022-11-15-android-webview-addjavascript-interface.md
new file mode 100644
index 00000000000..ad2c46585f2
--- /dev/null
+++ b/java/ql/src/change-notes/2022-11-15-android-webview-addjavascript-interface.md
@@ -0,0 +1,5 @@
+---
+category: newQuery
+---
+* Added a new query `java/android-webview-addjavascriptinterface` to detect the use of `addJavascriptInterface`, which can lead to cross-site scripting.
+

From d35321f40eb6676f3874bfd3b5531d3cec9fc1b1 Mon Sep 17 00:00:00 2001
From: Ed Minnix <egregius313@github.com>
Date: Wed, 30 Nov 2022 11:35:14 -0500
Subject: [PATCH 07/93] Java: change WebView addJavascriptInterface query
 precision to medium

---
 .../CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
index 59fd195d7d0..d481de249ca 100644
--- a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
+++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
@@ -4,7 +4,7 @@
  * @kind problem
  * @problem.severity warning
  * @security-severity 6.1
- * @precision high
+ * @precision medium
  * @tags security
  *       external/cwe/cwe-079
  */

From 04829fc38e6de25474416cd013a64404693a657c Mon Sep 17 00:00:00 2001
From: Ed Minnix <egregius313@github.com>
Date: Wed, 30 Nov 2022 13:32:28 -0500
Subject: [PATCH 08/93] Java: SQLInjection example for addJavaScriptInterface
 query

---
 ...dWebViewAddJavascriptInterfaceExample.java | 20 +++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterfaceExample.java b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterfaceExample.java
index fdb1844d025..fb4e1182a5a 100644
--- a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterfaceExample.java
+++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterfaceExample.java
@@ -1,11 +1,23 @@
-class ExposedObject {
+import android.webkit.JavascriptInterface;
+import android.database.sqlite.SQLiteOpenHelper;
+
+class ExposedObject extends SQLiteOpenHelper {
     @JavascriptInterface
-    public String example() {
-        return "String from Java";
+    public String studentEmail(String studentName) {
+        // SQL injection
+        String query = "SELECT email FROM students WHERE studentname = '" + studentName + "'";
+
+        Cursor cursor = db.rawQuery(query, null);
+        cursor.moveToFirst();
+        String email = cursor.getString(0);
+
+        return email;
     }
 }
 
 webview.getSettings().setJavaScriptEnabled(true);
 webview.addJavaScriptInterface(new ExposedObject(), "exposedObject");
 webview.loadData("", "text/html", null);
-webview.loadUrl("javascript:alert(exposedObject.example())");
+
+String name = "Robert'; DROP TABLE students; --";
+webview.loadUrl("javascript:alert(exposedObject.studentEmail(\""+ name +"\"))");

From 66946ebf6a60cd0f948f4ad860d9a589cc18b108 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Mon, 5 Dec 2022 21:40:43 +0100
Subject: [PATCH 09/93] add Kernel methods as sinks to path-injection

---
 .../ql/lib/codeql/ruby/frameworks/core/Kernel.qll | 15 +++++++++++++++
 .../security/cwe-022/PathInjection.expected       | 11 +++++++++++
 .../query-tests/security/cwe-022/tainted_path.rb  |  7 +++++++
 3 files changed, 33 insertions(+)

diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
index 71013f43936..5fc9d6eef29 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
@@ -179,4 +179,19 @@ module Kernel {
       preservesValue = true
     }
   }
+
+  /** A call to e.g. `Kernel.load` that accesses a file. */
+  private class KernelFileAccess extends FileSystemAccess::Range instanceof KernelMethodCall {
+    KernelFileAccess() {
+      super.getMethodName() = ["load", "require", "require_relative", "autoload", "autoload?"]
+    }
+
+    override DataFlow::Node getAPathArgument() {
+      result = super.getArgument(0) and
+      super.getMethodName() = ["load", "require", "require_relative"]
+      or
+      result = super.getArgument(1) and
+      super.getMethodName() = ["autoload", "autoload?"]
+    }
+  }
 }
diff --git a/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected b/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected
index ffb851c35ed..ee774315767 100644
--- a/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected
+++ b/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected
@@ -43,6 +43,10 @@ edges
 | tainted_path.rb:77:12:77:53 | call to new :  | tainted_path.rb:79:14:79:17 | path |
 | tainted_path.rb:77:40:77:45 | call to params :  | tainted_path.rb:77:40:77:52 | ...[...] :  |
 | tainted_path.rb:77:40:77:52 | ...[...] :  | tainted_path.rb:77:12:77:53 | call to new :  |
+| tainted_path.rb:84:12:84:53 | call to new :  | tainted_path.rb:85:10:85:13 | path |
+| tainted_path.rb:84:12:84:53 | call to new :  | tainted_path.rb:86:25:86:28 | path |
+| tainted_path.rb:84:40:84:45 | call to params :  | tainted_path.rb:84:40:84:52 | ...[...] :  |
+| tainted_path.rb:84:40:84:52 | ...[...] :  | tainted_path.rb:84:12:84:53 | call to new :  |
 nodes
 | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params :  | semmle.label | call to params :  |
 | ArchiveApiPathTraversal.rb:5:26:5:42 | ...[...] :  | semmle.label | ...[...] :  |
@@ -102,6 +106,11 @@ nodes
 | tainted_path.rb:77:40:77:52 | ...[...] :  | semmle.label | ...[...] :  |
 | tainted_path.rb:78:19:78:22 | path | semmle.label | path |
 | tainted_path.rb:79:14:79:17 | path | semmle.label | path |
+| tainted_path.rb:84:12:84:53 | call to new :  | semmle.label | call to new :  |
+| tainted_path.rb:84:40:84:45 | call to params :  | semmle.label | call to params :  |
+| tainted_path.rb:84:40:84:52 | ...[...] :  | semmle.label | ...[...] :  |
+| tainted_path.rb:85:10:85:13 | path | semmle.label | path |
+| tainted_path.rb:86:25:86:28 | path | semmle.label | path |
 subpaths
 #select
 | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params :  | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | This path depends on a $@. | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params | user-provided value |
@@ -119,3 +128,5 @@ subpaths
 | tainted_path.rb:72:15:72:18 | path | tainted_path.rb:71:40:71:45 | call to params :  | tainted_path.rb:72:15:72:18 | path | This path depends on a $@. | tainted_path.rb:71:40:71:45 | call to params | user-provided value |
 | tainted_path.rb:78:19:78:22 | path | tainted_path.rb:77:40:77:45 | call to params :  | tainted_path.rb:78:19:78:22 | path | This path depends on a $@. | tainted_path.rb:77:40:77:45 | call to params | user-provided value |
 | tainted_path.rb:79:14:79:17 | path | tainted_path.rb:77:40:77:45 | call to params :  | tainted_path.rb:79:14:79:17 | path | This path depends on a $@. | tainted_path.rb:77:40:77:45 | call to params | user-provided value |
+| tainted_path.rb:85:10:85:13 | path | tainted_path.rb:84:40:84:45 | call to params :  | tainted_path.rb:85:10:85:13 | path | This path depends on a $@. | tainted_path.rb:84:40:84:45 | call to params | user-provided value |
+| tainted_path.rb:86:25:86:28 | path | tainted_path.rb:84:40:84:45 | call to params :  | tainted_path.rb:86:25:86:28 | path | This path depends on a $@. | tainted_path.rb:84:40:84:45 | call to params | user-provided value |
diff --git a/ruby/ql/test/query-tests/security/cwe-022/tainted_path.rb b/ruby/ql/test/query-tests/security/cwe-022/tainted_path.rb
index a19532fb542..495b7324e37 100644
--- a/ruby/ql/test/query-tests/security/cwe-022/tainted_path.rb
+++ b/ruby/ql/test/query-tests/security/cwe-022/tainted_path.rb
@@ -78,4 +78,11 @@ class FooController < ActionController::Base
     bla (Dir.glob path)
     bla (Dir[path])
   end
+
+  # BAD
+  def route13
+    path = ActiveStorage::Filename.new(params[:path])
+    load(path)
+    autoload(:MyModule, path)
+  end
 end

From 5849b2c98aa6326832be68409df7c5d60ea68d01 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Tue, 6 Dec 2022 14:09:39 +0100
Subject: [PATCH 10/93] drive-by: simplify the imports in PathInjection.ql

---
 ruby/ql/src/queries/security/cwe-022/PathInjection.ql | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ruby/ql/src/queries/security/cwe-022/PathInjection.ql b/ruby/ql/src/queries/security/cwe-022/PathInjection.ql
index 58dad87fae4..09e17a5ed01 100644
--- a/ruby/ql/src/queries/security/cwe-022/PathInjection.ql
+++ b/ruby/ql/src/queries/security/cwe-022/PathInjection.ql
@@ -15,9 +15,8 @@
  *       external/cwe/cwe-099
  */
 
-import codeql.ruby.AST
+import ruby
 import codeql.ruby.security.PathInjectionQuery
-import codeql.ruby.DataFlow
 import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink

From e24f041661dfb8a5e00ae00206f1560dd779fc40 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Tue, 6 Dec 2022 14:21:48 +0100
Subject: [PATCH 11/93] drive-by: use `instanceof KernelMethodCall` such that
 `override getAnArgument` cannot be mistaken for a method in `CallNode`

---
 .../lib/codeql/ruby/frameworks/core/Kernel.qll | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
index 5fc9d6eef29..d36b239fce4 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
@@ -92,14 +92,14 @@ module Kernel {
    * ```
    * Ruby documentation: https://docs.ruby-lang.org/en/3.0.0/Kernel.html#method-i-system
    */
-  class KernelSystemCall extends SystemCommandExecution::Range, KernelMethodCall {
+  class KernelSystemCall extends SystemCommandExecution::Range instanceof KernelMethodCall {
     KernelSystemCall() { this.getMethodName() = "system" }
 
-    override DataFlow::Node getAnArgument() { result = this.getArgument(_) }
+    override DataFlow::Node getAnArgument() { result = super.getArgument(_) }
 
     override predicate isShellInterpreted(DataFlow::Node arg) {
       // Kernel.system invokes a subshell if you provide a single string as argument
-      this.getNumberOfArguments() = 1 and arg = this.getAnArgument()
+      super.getNumberOfArguments() = 1 and arg = this.getAnArgument()
     }
   }
 
@@ -108,14 +108,14 @@ module Kernel {
    * `Kernel.exec` takes the same argument forms as `Kernel.system`. See `KernelSystemCall` for details.
    * Ruby documentation: https://docs.ruby-lang.org/en/3.0.0/Kernel.html#method-i-exec
    */
-  class KernelExecCall extends SystemCommandExecution::Range, KernelMethodCall {
+  class KernelExecCall extends SystemCommandExecution::Range instanceof KernelMethodCall {
     KernelExecCall() { this.getMethodName() = "exec" }
 
-    override DataFlow::Node getAnArgument() { result = this.getArgument(_) }
+    override DataFlow::Node getAnArgument() { result = super.getArgument(_) }
 
     override predicate isShellInterpreted(DataFlow::Node arg) {
       // Kernel.exec invokes a subshell if you provide a single string as argument
-      this.getNumberOfArguments() = 1 and arg = this.getAnArgument()
+      super.getNumberOfArguments() = 1 and arg = this.getAnArgument()
     }
   }
 
@@ -129,14 +129,14 @@ module Kernel {
    * spawn([env,] command... [,options]) -> pid
    * ```
    */
-  class KernelSpawnCall extends SystemCommandExecution::Range, KernelMethodCall {
+  class KernelSpawnCall extends SystemCommandExecution::Range instanceof KernelMethodCall {
     KernelSpawnCall() { this.getMethodName() = "spawn" }
 
-    override DataFlow::Node getAnArgument() { result = this.getArgument(_) }
+    override DataFlow::Node getAnArgument() { result = super.getArgument(_) }
 
     override predicate isShellInterpreted(DataFlow::Node arg) {
       // Kernel.spawn invokes a subshell if you provide a single string as argument
-      this.getNumberOfArguments() = 1 and arg = this.getAnArgument()
+      super.getNumberOfArguments() = 1 and arg = this.getAnArgument()
     }
   }
 

From 0e9cd1e4b544441f0da40758ebb5e2f46af7ccd6 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Tue, 6 Dec 2022 13:58:16 +0100
Subject: [PATCH 12/93] factor out methodName to a field in KernelMethodCall

---
 .../codeql/ruby/frameworks/core/Kernel.qll    | 31 ++++++++++++-------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
index d36b239fce4..1b4573c9ffa 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
@@ -18,17 +18,26 @@ module Kernel {
    * providing a specific receiver as in `Kernel.exit`.
    */
   class KernelMethodCall extends DataFlow::CallNode {
+    string methodName;
+
     KernelMethodCall() {
-      this = API::getTopLevelMember("Kernel").getAMethodCall(_)
+      this = API::getTopLevelMember("Kernel").getAMethodCall(methodName)
       or
       this.asExpr().getExpr() instanceof UnknownMethodCall and
+      methodName = super.getMethodName() and
       (
         this.getReceiver().asExpr().getExpr() instanceof SelfVariableAccess and
-        isPrivateKernelMethod(this.getMethodName())
+        isPrivateKernelMethod(methodName)
         or
-        isPublicKernelMethod(this.getMethodName())
+        isPublicKernelMethod(methodName)
       )
     }
+
+    /**
+     * Gets which method of `Kernel` is called.
+     * Works even when the call is a `super(...)` call.
+     */
+    string getKernelMethod() { result = methodName }
   }
 
   /**
@@ -93,7 +102,7 @@ module Kernel {
    * Ruby documentation: https://docs.ruby-lang.org/en/3.0.0/Kernel.html#method-i-system
    */
   class KernelSystemCall extends SystemCommandExecution::Range instanceof KernelMethodCall {
-    KernelSystemCall() { this.getMethodName() = "system" }
+    KernelSystemCall() { this.getKernelMethod() = "system" }
 
     override DataFlow::Node getAnArgument() { result = super.getArgument(_) }
 
@@ -109,7 +118,7 @@ module Kernel {
    * Ruby documentation: https://docs.ruby-lang.org/en/3.0.0/Kernel.html#method-i-exec
    */
   class KernelExecCall extends SystemCommandExecution::Range instanceof KernelMethodCall {
-    KernelExecCall() { this.getMethodName() = "exec" }
+    KernelExecCall() { this.getKernelMethod() = "exec" }
 
     override DataFlow::Node getAnArgument() { result = super.getArgument(_) }
 
@@ -130,7 +139,7 @@ module Kernel {
    * ```
    */
   class KernelSpawnCall extends SystemCommandExecution::Range instanceof KernelMethodCall {
-    KernelSpawnCall() { this.getMethodName() = "spawn" }
+    KernelSpawnCall() { this.getKernelMethod() = "spawn" }
 
     override DataFlow::Node getAnArgument() { result = super.getArgument(_) }
 
@@ -149,7 +158,7 @@ module Kernel {
    * ```
    */
   class EvalCallCodeExecution extends CodeExecution::Range, KernelMethodCall {
-    EvalCallCodeExecution() { this.getMethodName() = "eval" }
+    EvalCallCodeExecution() { this.getKernelMethod() = "eval" }
 
     override DataFlow::Node getCode() { result = this.getArgument(0) }
   }
@@ -163,7 +172,7 @@ module Kernel {
    * ```
    */
   class SendCallCodeExecution extends CodeExecution::Range, KernelMethodCall {
-    SendCallCodeExecution() { this.getMethodName() = "send" }
+    SendCallCodeExecution() { this.getKernelMethod() = "send" }
 
     override DataFlow::Node getCode() { result = this.getArgument(0) }
 
@@ -183,15 +192,15 @@ module Kernel {
   /** A call to e.g. `Kernel.load` that accesses a file. */
   private class KernelFileAccess extends FileSystemAccess::Range instanceof KernelMethodCall {
     KernelFileAccess() {
-      super.getMethodName() = ["load", "require", "require_relative", "autoload", "autoload?"]
+      super.getKernelMethod() = ["load", "require", "require_relative", "autoload", "autoload?"]
     }
 
     override DataFlow::Node getAPathArgument() {
       result = super.getArgument(0) and
-      super.getMethodName() = ["load", "require", "require_relative"]
+      super.getKernelMethod() = ["load", "require", "require_relative"]
       or
       result = super.getArgument(1) and
-      super.getMethodName() = ["autoload", "autoload?"]
+      super.getKernelMethod() = ["autoload", "autoload?"]
     }
   }
 }

From 8f0c0f3c174dae34380b332c237da6a78a968d79 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Tue, 6 Dec 2022 14:08:04 +0100
Subject: [PATCH 13/93] add support for super calls to Kernel

---
 ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll     | 10 +++++++++-
 .../security/cwe-022/PathInjection.expected            |  8 ++++++++
 .../test/query-tests/security/cwe-022/tainted_path.rb  |  6 ++++++
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
index 1b4573c9ffa..6f66c40f89a 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
@@ -24,11 +24,19 @@ module Kernel {
       this = API::getTopLevelMember("Kernel").getAMethodCall(methodName)
       or
       this.asExpr().getExpr() instanceof UnknownMethodCall and
-      methodName = super.getMethodName() and
+      (
+        methodName = super.getMethodName()
+        or
+        this.asExpr().getExpr() instanceof SuperCall and
+        methodName = this.asExpr().getExpr().getEnclosingCallable().(MethodBase).getName()
+      ) and
       (
         this.getReceiver().asExpr().getExpr() instanceof SelfVariableAccess and
         isPrivateKernelMethod(methodName)
         or
+        this.asExpr().getExpr() instanceof SuperCall and
+        isPrivateKernelMethod(methodName)
+        or
         isPublicKernelMethod(methodName)
       )
     }
diff --git a/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected b/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected
index ee774315767..5e05271252e 100644
--- a/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected
+++ b/ruby/ql/test/query-tests/security/cwe-022/PathInjection.expected
@@ -47,6 +47,9 @@ edges
 | tainted_path.rb:84:12:84:53 | call to new :  | tainted_path.rb:86:25:86:28 | path |
 | tainted_path.rb:84:40:84:45 | call to params :  | tainted_path.rb:84:40:84:52 | ...[...] :  |
 | tainted_path.rb:84:40:84:52 | ...[...] :  | tainted_path.rb:84:12:84:53 | call to new :  |
+| tainted_path.rb:90:12:90:53 | call to new :  | tainted_path.rb:92:11:92:14 | path |
+| tainted_path.rb:90:40:90:45 | call to params :  | tainted_path.rb:90:40:90:52 | ...[...] :  |
+| tainted_path.rb:90:40:90:52 | ...[...] :  | tainted_path.rb:90:12:90:53 | call to new :  |
 nodes
 | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params :  | semmle.label | call to params :  |
 | ArchiveApiPathTraversal.rb:5:26:5:42 | ...[...] :  | semmle.label | ...[...] :  |
@@ -111,6 +114,10 @@ nodes
 | tainted_path.rb:84:40:84:52 | ...[...] :  | semmle.label | ...[...] :  |
 | tainted_path.rb:85:10:85:13 | path | semmle.label | path |
 | tainted_path.rb:86:25:86:28 | path | semmle.label | path |
+| tainted_path.rb:90:12:90:53 | call to new :  | semmle.label | call to new :  |
+| tainted_path.rb:90:40:90:45 | call to params :  | semmle.label | call to params :  |
+| tainted_path.rb:90:40:90:52 | ...[...] :  | semmle.label | ...[...] :  |
+| tainted_path.rb:92:11:92:14 | path | semmle.label | path |
 subpaths
 #select
 | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params :  | ArchiveApiPathTraversal.rb:59:21:59:36 | destination_file | This path depends on a $@. | ArchiveApiPathTraversal.rb:5:26:5:31 | call to params | user-provided value |
@@ -130,3 +137,4 @@ subpaths
 | tainted_path.rb:79:14:79:17 | path | tainted_path.rb:77:40:77:45 | call to params :  | tainted_path.rb:79:14:79:17 | path | This path depends on a $@. | tainted_path.rb:77:40:77:45 | call to params | user-provided value |
 | tainted_path.rb:85:10:85:13 | path | tainted_path.rb:84:40:84:45 | call to params :  | tainted_path.rb:85:10:85:13 | path | This path depends on a $@. | tainted_path.rb:84:40:84:45 | call to params | user-provided value |
 | tainted_path.rb:86:25:86:28 | path | tainted_path.rb:84:40:84:45 | call to params :  | tainted_path.rb:86:25:86:28 | path | This path depends on a $@. | tainted_path.rb:84:40:84:45 | call to params | user-provided value |
+| tainted_path.rb:92:11:92:14 | path | tainted_path.rb:90:40:90:45 | call to params :  | tainted_path.rb:92:11:92:14 | path | This path depends on a $@. | tainted_path.rb:90:40:90:45 | call to params | user-provided value |
diff --git a/ruby/ql/test/query-tests/security/cwe-022/tainted_path.rb b/ruby/ql/test/query-tests/security/cwe-022/tainted_path.rb
index 495b7324e37..d47607e6734 100644
--- a/ruby/ql/test/query-tests/security/cwe-022/tainted_path.rb
+++ b/ruby/ql/test/query-tests/security/cwe-022/tainted_path.rb
@@ -85,4 +85,10 @@ class FooController < ActionController::Base
     load(path)
     autoload(:MyModule, path)
   end
+
+  def require_relative()
+    path = ActiveStorage::Filename.new(params[:path])
+    puts "Debug: require_relative(#{path})"
+    super(path)
+  end
 end

From 52c0afa03fbf750a5828d8e06fd65c2d7ce8ee69 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Wed, 7 Dec 2022 10:27:35 +0100
Subject: [PATCH 14/93] change `getMethodName` to `getKernelMethod` in other
 files

---
 ruby/ql/lib/codeql/ruby/frameworks/core/internal/IOOrFile.qll | 2 +-
 ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll          | 2 +-
 .../codeql/ruby/security/StackTraceExposureCustomizations.qll | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/internal/IOOrFile.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/internal/IOOrFile.qll
index 25bd4474ce6..d9201f1c8c5 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/internal/IOOrFile.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/internal/IOOrFile.qll
@@ -29,7 +29,7 @@ DataFlow::Node fileInstanceInstantiation() {
   result = API::getTopLevelMember("File").getAMethodCall(["open", "try_convert"])
   or
   // Calls to `Kernel.open` can yield `File` instances
-  result.(KernelMethodCall).getMethodName() = "open" and
+  result.(KernelMethodCall).getKernelMethod() = "open" and
   // Assume that calls that don't invoke shell commands will instead open
   // a file.
   not pathArgSpawnsSubprocess(result.(KernelMethodCall).getArgument(0).asExpr().getExpr())
diff --git a/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll b/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll
index 309a26ac9df..260bb2a678d 100644
--- a/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll
@@ -13,7 +13,7 @@ class AmbiguousPathCall extends DataFlow::CallNode {
   string name;
 
   AmbiguousPathCall() {
-    this.(KernelMethodCall).getMethodName() = "open" and
+    this.(KernelMethodCall).getKernelMethod() = "open" and
     name = "Kernel.open"
     or
     this = API::getTopLevelMember("IO").getAMethodCall("read") and
diff --git a/ruby/ql/lib/codeql/ruby/security/StackTraceExposureCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/StackTraceExposureCustomizations.qll
index 9a25dda844d..789c568ea0c 100644
--- a/ruby/ql/lib/codeql/ruby/security/StackTraceExposureCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/StackTraceExposureCustomizations.qll
@@ -41,8 +41,8 @@ module StackTraceExposure {
   /**
    * A call to `Kernel#caller`, considered as a flow source.
    */
-  class KernelCallerCall extends Source, Kernel::KernelMethodCall {
-    KernelCallerCall() { this.getMethodName() = "caller" }
+  class KernelCallerCall extends Source instanceof Kernel::KernelMethodCall {
+    KernelCallerCall() { super.getKernelMethod() = "caller" }
   }
 
   /**

From 360a99f026b48869b67a4a1d856f00820a762556 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Wed, 7 Dec 2022 13:14:48 +0100
Subject: [PATCH 15/93] delete `getKernelMethod` and don't special-case the
 methodName on super-calls in the `Kernel` model

---
 .../codeql/ruby/frameworks/core/Kernel.qll    | 38 ++++++-------------
 .../frameworks/core/internal/IOOrFile.qll     |  2 +-
 .../codeql/ruby/security/KernelOpenQuery.qll  |  2 +-
 .../StackTraceExposureCustomizations.qll      |  2 +-
 4 files changed, 15 insertions(+), 29 deletions(-)

diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
index 6f66c40f89a..bf487904134 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
@@ -18,34 +18,20 @@ module Kernel {
    * providing a specific receiver as in `Kernel.exit`.
    */
   class KernelMethodCall extends DataFlow::CallNode {
-    string methodName;
-
     KernelMethodCall() {
-      this = API::getTopLevelMember("Kernel").getAMethodCall(methodName)
+      this = API::getTopLevelMember("Kernel").getAMethodCall(_)
       or
       this.asExpr().getExpr() instanceof UnknownMethodCall and
-      (
-        methodName = super.getMethodName()
-        or
-        this.asExpr().getExpr() instanceof SuperCall and
-        methodName = this.asExpr().getExpr().getEnclosingCallable().(MethodBase).getName()
-      ) and
       (
         this.getReceiver().asExpr().getExpr() instanceof SelfVariableAccess and
-        isPrivateKernelMethod(methodName)
+        isPrivateKernelMethod(super.getMethodName())
         or
         this.asExpr().getExpr() instanceof SuperCall and
-        isPrivateKernelMethod(methodName)
+        isPrivateKernelMethod(super.getMethodName())
         or
-        isPublicKernelMethod(methodName)
+        isPublicKernelMethod(super.getMethodName())
       )
     }
-
-    /**
-     * Gets which method of `Kernel` is called.
-     * Works even when the call is a `super(...)` call.
-     */
-    string getKernelMethod() { result = methodName }
   }
 
   /**
@@ -110,7 +96,7 @@ module Kernel {
    * Ruby documentation: https://docs.ruby-lang.org/en/3.0.0/Kernel.html#method-i-system
    */
   class KernelSystemCall extends SystemCommandExecution::Range instanceof KernelMethodCall {
-    KernelSystemCall() { this.getKernelMethod() = "system" }
+    KernelSystemCall() { this.getMethodName() = "system" }
 
     override DataFlow::Node getAnArgument() { result = super.getArgument(_) }
 
@@ -126,7 +112,7 @@ module Kernel {
    * Ruby documentation: https://docs.ruby-lang.org/en/3.0.0/Kernel.html#method-i-exec
    */
   class KernelExecCall extends SystemCommandExecution::Range instanceof KernelMethodCall {
-    KernelExecCall() { this.getKernelMethod() = "exec" }
+    KernelExecCall() { this.getMethodName() = "exec" }
 
     override DataFlow::Node getAnArgument() { result = super.getArgument(_) }
 
@@ -147,7 +133,7 @@ module Kernel {
    * ```
    */
   class KernelSpawnCall extends SystemCommandExecution::Range instanceof KernelMethodCall {
-    KernelSpawnCall() { this.getKernelMethod() = "spawn" }
+    KernelSpawnCall() { this.getMethodName() = "spawn" }
 
     override DataFlow::Node getAnArgument() { result = super.getArgument(_) }
 
@@ -166,7 +152,7 @@ module Kernel {
    * ```
    */
   class EvalCallCodeExecution extends CodeExecution::Range, KernelMethodCall {
-    EvalCallCodeExecution() { this.getKernelMethod() = "eval" }
+    EvalCallCodeExecution() { this.getMethodName() = "eval" }
 
     override DataFlow::Node getCode() { result = this.getArgument(0) }
   }
@@ -180,7 +166,7 @@ module Kernel {
    * ```
    */
   class SendCallCodeExecution extends CodeExecution::Range, KernelMethodCall {
-    SendCallCodeExecution() { this.getKernelMethod() = "send" }
+    SendCallCodeExecution() { this.getMethodName() = "send" }
 
     override DataFlow::Node getCode() { result = this.getArgument(0) }
 
@@ -200,15 +186,15 @@ module Kernel {
   /** A call to e.g. `Kernel.load` that accesses a file. */
   private class KernelFileAccess extends FileSystemAccess::Range instanceof KernelMethodCall {
     KernelFileAccess() {
-      super.getKernelMethod() = ["load", "require", "require_relative", "autoload", "autoload?"]
+      super.getMethodName() = ["load", "require", "require_relative", "autoload", "autoload?"]
     }
 
     override DataFlow::Node getAPathArgument() {
       result = super.getArgument(0) and
-      super.getKernelMethod() = ["load", "require", "require_relative"]
+      super.getMethodName() = ["load", "require", "require_relative"]
       or
       result = super.getArgument(1) and
-      super.getKernelMethod() = ["autoload", "autoload?"]
+      super.getMethodName() = ["autoload", "autoload?"]
     }
   }
 }
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/internal/IOOrFile.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/internal/IOOrFile.qll
index d9201f1c8c5..25bd4474ce6 100644
--- a/ruby/ql/lib/codeql/ruby/frameworks/core/internal/IOOrFile.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/core/internal/IOOrFile.qll
@@ -29,7 +29,7 @@ DataFlow::Node fileInstanceInstantiation() {
   result = API::getTopLevelMember("File").getAMethodCall(["open", "try_convert"])
   or
   // Calls to `Kernel.open` can yield `File` instances
-  result.(KernelMethodCall).getKernelMethod() = "open" and
+  result.(KernelMethodCall).getMethodName() = "open" and
   // Assume that calls that don't invoke shell commands will instead open
   // a file.
   not pathArgSpawnsSubprocess(result.(KernelMethodCall).getArgument(0).asExpr().getExpr())
diff --git a/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll b/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll
index 260bb2a678d..309a26ac9df 100644
--- a/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/KernelOpenQuery.qll
@@ -13,7 +13,7 @@ class AmbiguousPathCall extends DataFlow::CallNode {
   string name;
 
   AmbiguousPathCall() {
-    this.(KernelMethodCall).getKernelMethod() = "open" and
+    this.(KernelMethodCall).getMethodName() = "open" and
     name = "Kernel.open"
     or
     this = API::getTopLevelMember("IO").getAMethodCall("read") and
diff --git a/ruby/ql/lib/codeql/ruby/security/StackTraceExposureCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/StackTraceExposureCustomizations.qll
index 789c568ea0c..636a4ca5ac4 100644
--- a/ruby/ql/lib/codeql/ruby/security/StackTraceExposureCustomizations.qll
+++ b/ruby/ql/lib/codeql/ruby/security/StackTraceExposureCustomizations.qll
@@ -42,7 +42,7 @@ module StackTraceExposure {
    * A call to `Kernel#caller`, considered as a flow source.
    */
   class KernelCallerCall extends Source instanceof Kernel::KernelMethodCall {
-    KernelCallerCall() { super.getKernelMethod() = "caller" }
+    KernelCallerCall() { super.getMethodName() = "caller" }
   }
 
   /**

From ee8e0188a6c9a155aa936180ff6b272c0b052fd0 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Wed, 7 Dec 2022 13:23:18 +0100
Subject: [PATCH 16/93] remove redundant call, the charpred ensures it always
 holds

---
 ruby/ql/lib/codeql/ruby/ast/internal/Call.qll | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll
index 9a1d41b097d..8ede4660152 100644
--- a/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll
+++ b/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll
@@ -78,12 +78,9 @@ class RegularMethodCall extends MethodCallImpl, TRegularMethodCall {
   }
 
   final override string getMethodNameImpl() {
-    isRegularMethodCall(g) and
-    (
-      result = "call" and not exists(g.getMethod())
-      or
-      result = g.getMethod().(Ruby::Token).getValue()
-    )
+    result = "call" and not exists(g.getMethod())
+    or
+    result = g.getMethod().(Ruby::Token).getValue()
   }
 
   final override Expr getArgumentImpl(int n) { toGenerated(result) = g.getArguments().getChild(n) }

From 8ab31bbe1ce9904dee18c3f911e1289a544ec44e Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Wed, 7 Dec 2022 14:09:36 +0100
Subject: [PATCH 17/93] have `getMethodName` return the method being called for
 super-calls

---
 ruby/ql/lib/codeql/ruby/ast/Call.qll          | 15 +++-
 ruby/ql/lib/codeql/ruby/ast/internal/Call.qll | 18 ++++-
 ruby/ql/test/library-tests/ast/Ast.expected   | 22 ++---
 .../library-tests/ast/calls/calls.expected    | 80 +++++++++----------
 .../controlflow/graph/Cfg.expected            |  4 +-
 .../controlflow/graph/Nodes.expected          |  2 +-
 .../library-tests/modules/callgraph.expected  |  4 +-
 .../library-tests/modules/methods.expected    |  4 +-
 .../library-tests/modules/modules.expected    |  4 +-
 9 files changed, 90 insertions(+), 63 deletions(-)

diff --git a/ruby/ql/lib/codeql/ruby/ast/Call.qll b/ruby/ql/lib/codeql/ruby/ast/Call.qll
index 04ac15ededc..7f14dabc0a9 100644
--- a/ruby/ql/lib/codeql/ruby/ast/Call.qll
+++ b/ruby/ql/lib/codeql/ruby/ast/Call.qll
@@ -94,6 +94,15 @@ class MethodCall extends Call instanceof MethodCallImpl {
    * ```
    *
    * the result is `"bar"`.
+   *
+   * Super calls call a method with the same name as the current method, so
+   * the result for a super call is the name of the current method.
+   * E.g:
+   * ```rb
+   * def foo
+   *  super # the result for this super call is "foo"
+   * end
+   * ```
    */
   final string getMethodName() { result = super.getMethodNameImpl() }
 
@@ -113,7 +122,11 @@ class MethodCall extends Call instanceof MethodCallImpl {
    */
   final predicate isSafeNavigation() { super.isSafeNavigationImpl() }
 
-  override string toString() { result = "call to " + this.getMethodName() }
+  override string toString() {
+    if this instanceof SuperCall
+    then result = "super call to " + this.getMethodName()
+    else result = "call to " + this.getMethodName()
+  }
 
   override AstNode getAChild(string pred) {
     result = Call.super.getAChild(pred)
diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll
index 8ede4660152..dfc553fb45d 100644
--- a/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll
+++ b/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll
@@ -112,12 +112,26 @@ class ElementReferenceImpl extends MethodCallImpl, TElementReference {
 
 abstract class SuperCallImpl extends MethodCallImpl, TSuperCall { }
 
+private Ruby::AstNode getSuperParent(Ruby::Super sup) {
+  result = sup
+  or
+  result = getSuperParent(sup).getParent() and
+  not result instanceof Ruby::Method
+}
+
+private string getSuperMethodName(Ruby::Super sup) {
+  exists(Ruby::Method meth |
+    meth = getSuperParent(sup).getParent().(Ruby::Method) and
+    result = any(Method c | toGenerated(c) = meth).getName()
+  )
+}
+
 class TokenSuperCall extends SuperCallImpl, TTokenSuperCall {
   private Ruby::Super g;
 
   TokenSuperCall() { this = TTokenSuperCall(g) }
 
-  final override string getMethodNameImpl() { result = g.getValue() }
+  final override string getMethodNameImpl() { result = getSuperMethodName(g) }
 
   final override Expr getReceiverImpl() { none() }
 
@@ -133,7 +147,7 @@ class RegularSuperCall extends SuperCallImpl, TRegularSuperCall {
 
   RegularSuperCall() { this = TRegularSuperCall(g) }
 
-  final override string getMethodNameImpl() { result = g.getMethod().(Ruby::Super).getValue() }
+  final override string getMethodNameImpl() { result = getSuperMethodName(g.getMethod()) }
 
   final override Expr getReceiverImpl() { none() }
 
diff --git a/ruby/ql/test/library-tests/ast/Ast.expected b/ruby/ql/test/library-tests/ast/Ast.expected
index 6701f5ce160..044c92b8ac3 100644
--- a/ruby/ql/test/library-tests/ast/Ast.expected
+++ b/ruby/ql/test/library-tests/ast/Ast.expected
@@ -496,30 +496,30 @@ calls/calls.rb:
 #  279|         getReceiver: [ConstantReadAccess] X
 #  284|   getStmt: [ClassDeclaration] MyClass
 #  285|     getStmt: [Method] my_method
-#  286|       getStmt: [SuperCall] call to super
-#  287|       getStmt: [SuperCall] call to super
-#  288|       getStmt: [SuperCall] call to super
+#  286|       getStmt: [SuperCall] super call to my_method
+#  287|       getStmt: [SuperCall] super call to my_method
+#  288|       getStmt: [SuperCall] super call to my_method
 #  288|         getArgument: [StringLiteral] "blah"
 #  288|           getComponent: [StringTextComponent] blah
-#  289|       getStmt: [SuperCall] call to super
+#  289|       getStmt: [SuperCall] super call to my_method
 #  289|         getArgument: [IntegerLiteral] 1
 #  289|         getArgument: [IntegerLiteral] 2
 #  289|         getArgument: [IntegerLiteral] 3
-#  290|       getStmt: [SuperCall] call to super
+#  290|       getStmt: [SuperCall] super call to my_method
 #  290|         getBlock: [BraceBlock] { ... }
 #  290|           getParameter: [SimpleParameter] x
 #  290|             getDefiningAccess: [LocalVariableAccess] x
 #  290|           getStmt: [AddExpr] ... + ...
 #  290|             getAnOperand/getLeftOperand/getReceiver: [LocalVariableAccess] x
 #  290|             getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 1
-#  291|       getStmt: [SuperCall] call to super
+#  291|       getStmt: [SuperCall] super call to my_method
 #  291|         getBlock: [DoBlock] do ... end
 #  291|           getParameter: [SimpleParameter] x
 #  291|             getDefiningAccess: [LocalVariableAccess] x
 #  291|           getStmt: [MulExpr] ... * ...
 #  291|             getAnOperand/getLeftOperand/getReceiver: [LocalVariableAccess] x
 #  291|             getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 2
-#  292|       getStmt: [SuperCall] call to super
+#  292|       getStmt: [SuperCall] super call to my_method
 #  292|         getArgument: [IntegerLiteral] 4
 #  292|         getArgument: [IntegerLiteral] 5
 #  292|         getBlock: [BraceBlock] { ... }
@@ -528,7 +528,7 @@ calls/calls.rb:
 #  292|           getStmt: [AddExpr] ... + ...
 #  292|             getAnOperand/getLeftOperand/getReceiver: [LocalVariableAccess] x
 #  292|             getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 100
-#  293|       getStmt: [SuperCall] call to super
+#  293|       getStmt: [SuperCall] super call to my_method
 #  293|         getArgument: [IntegerLiteral] 6
 #  293|         getArgument: [IntegerLiteral] 7
 #  293|         getBlock: [DoBlock] do ... end
@@ -545,7 +545,7 @@ calls/calls.rb:
 #  304|       getStmt: [MethodCall] call to super
 #  304|         getReceiver: [SelfVariableAccess] self
 #  305|       getStmt: [MethodCall] call to super
-#  305|         getReceiver: [SuperCall] call to super
+#  305|         getReceiver: [SuperCall] super call to another_method
 #  310|   getStmt: [MethodCall] call to call
 #  310|     getReceiver: [MethodCall] call to foo
 #  310|       getReceiver: [SelfVariableAccess] self
@@ -646,7 +646,7 @@ calls/calls.rb:
 #  328|             getComponent: [StringTextComponent] error
 #  331|   getStmt: [Method] foo
 #  331|     getParameter: [ForwardParameter] ...
-#  332|     getStmt: [SuperCall] call to super
+#  332|     getStmt: [SuperCall] super call to foo
 #  332|       getArgument: [ForwardedArguments] ...
 #  335|   getStmt: [Method] foo
 #  335|     getParameter: [SimpleParameter] a
@@ -1293,7 +1293,7 @@ modules/classes.rb:
 #   42|     getStmt: [Method] length
 #   43|       getStmt: [MulExpr] ... * ...
 #   43|         getAnOperand/getLeftOperand/getReceiver: [IntegerLiteral] 100
-#   43|         getAnOperand/getArgument/getRightOperand: [SuperCall] call to super
+#   43|         getAnOperand/getArgument/getRightOperand: [SuperCall] super call to length
 #   46|     getStmt: [Method] wibble
 #   47|       getStmt: [MethodCall] call to puts
 #   47|         getReceiver: [SelfVariableAccess] self
diff --git a/ruby/ql/test/library-tests/ast/calls/calls.expected b/ruby/ql/test/library-tests/ast/calls/calls.expected
index b56cbd61f37..048ebfcc280 100644
--- a/ruby/ql/test/library-tests/ast/calls/calls.expected
+++ b/ruby/ql/test/library-tests/ast/calls/calls.expected
@@ -1,8 +1,8 @@
 callsWithNoReceiverArgumentsOrBlock
 | calls.rb:31:3:31:7 | yield ... | (none) |
-| calls.rb:286:5:286:9 | call to super | super |
-| calls.rb:287:5:287:11 | call to super | super |
-| calls.rb:305:5:305:9 | call to super | super |
+| calls.rb:286:5:286:9 | super call to my_method | my_method |
+| calls.rb:287:5:287:11 | super call to my_method | my_method |
+| calls.rb:305:5:305:9 | super call to another_method | another_method |
 | calls.rb:345:9:345:13 | call to novar | novar |
 callsWithArguments
 | calls.rb:14:1:14:11 | call to foo | foo | 0 | calls.rb:14:5:14:5 | 0 |
@@ -34,17 +34,17 @@ callsWithArguments
 | calls.rb:275:1:275:13 | call to foo | foo | 0 | calls.rb:275:5:275:12 | ** ... |
 | calls.rb:278:1:278:14 | call to foo | foo | 0 | calls.rb:278:5:278:13 | Pair |
 | calls.rb:279:1:279:17 | call to foo | foo | 0 | calls.rb:279:5:279:16 | Pair |
-| calls.rb:288:5:288:16 | call to super | super | 0 | calls.rb:288:11:288:16 | "blah" |
-| calls.rb:289:5:289:17 | call to super | super | 0 | calls.rb:289:11:289:11 | 1 |
-| calls.rb:289:5:289:17 | call to super | super | 1 | calls.rb:289:14:289:14 | 2 |
-| calls.rb:289:5:289:17 | call to super | super | 2 | calls.rb:289:17:289:17 | 3 |
+| calls.rb:288:5:288:16 | super call to my_method | my_method | 0 | calls.rb:288:11:288:16 | "blah" |
+| calls.rb:289:5:289:17 | super call to my_method | my_method | 0 | calls.rb:289:11:289:11 | 1 |
+| calls.rb:289:5:289:17 | super call to my_method | my_method | 1 | calls.rb:289:14:289:14 | 2 |
+| calls.rb:289:5:289:17 | super call to my_method | my_method | 2 | calls.rb:289:17:289:17 | 3 |
 | calls.rb:290:17:290:21 | ... + ... | + | 0 | calls.rb:290:21:290:21 | 1 |
 | calls.rb:291:18:291:22 | ... * ... | * | 0 | calls.rb:291:22:291:22 | 2 |
-| calls.rb:292:5:292:30 | call to super | super | 0 | calls.rb:292:11:292:11 | 4 |
-| calls.rb:292:5:292:30 | call to super | super | 1 | calls.rb:292:14:292:14 | 5 |
+| calls.rb:292:5:292:30 | super call to my_method | my_method | 0 | calls.rb:292:11:292:11 | 4 |
+| calls.rb:292:5:292:30 | super call to my_method | my_method | 1 | calls.rb:292:14:292:14 | 5 |
 | calls.rb:292:22:292:28 | ... + ... | + | 0 | calls.rb:292:26:292:28 | 100 |
-| calls.rb:293:5:293:33 | call to super | super | 0 | calls.rb:293:11:293:11 | 6 |
-| calls.rb:293:5:293:33 | call to super | super | 1 | calls.rb:293:14:293:14 | 7 |
+| calls.rb:293:5:293:33 | super call to my_method | my_method | 0 | calls.rb:293:11:293:11 | 6 |
+| calls.rb:293:5:293:33 | super call to my_method | my_method | 1 | calls.rb:293:14:293:14 | 7 |
 | calls.rb:293:23:293:29 | ... + ... | + | 0 | calls.rb:293:27:293:29 | 200 |
 | calls.rb:311:1:311:7 | call to call | call | 0 | calls.rb:311:6:311:6 | 1 |
 | calls.rb:314:1:314:8 | call to foo= | foo= | 0 | calls.rb:314:12:314:13 | ... = ... |
@@ -91,7 +91,7 @@ callsWithArguments
 | calls.rb:320:21:320:31 | ... + ... | + | 0 | calls.rb:320:31:320:31 | 1 |
 | calls.rb:320:34:320:35 | ... * ... | * | 0 | calls.rb:320:37:320:37 | 2 |
 | calls.rb:328:25:328:37 | call to print | print | 0 | calls.rb:328:31:328:37 | "error" |
-| calls.rb:332:3:332:12 | call to super | super | 0 | calls.rb:332:9:332:11 | ... |
+| calls.rb:332:3:332:12 | super call to foo | foo | 0 | calls.rb:332:9:332:11 | ... |
 | calls.rb:336:3:336:13 | call to bar | bar | 0 | calls.rb:336:7:336:7 | b |
 | calls.rb:336:3:336:13 | call to bar | bar | 1 | calls.rb:336:10:336:12 | ... |
 | calls.rb:340:5:340:5 | call to [] | [] | 0 | calls.rb:340:5:340:5 | 0 |
@@ -305,7 +305,7 @@ callsWithReceiver
 | calls.rb:303:5:303:7 | call to foo | calls.rb:303:5:303:7 | self |
 | calls.rb:303:5:303:13 | call to super | calls.rb:303:5:303:7 | call to foo |
 | calls.rb:304:5:304:14 | call to super | calls.rb:304:5:304:8 | self |
-| calls.rb:305:5:305:15 | call to super | calls.rb:305:5:305:9 | call to super |
+| calls.rb:305:5:305:15 | call to super | calls.rb:305:5:305:9 | super call to another_method |
 | calls.rb:310:1:310:3 | call to foo | calls.rb:310:1:310:3 | self |
 | calls.rb:310:1:310:6 | call to call | calls.rb:310:1:310:3 | call to foo |
 | calls.rb:311:1:311:3 | call to foo | calls.rb:311:1:311:3 | self |
@@ -398,10 +398,10 @@ callsWithBlock
 | calls.rb:95:1:98:3 | call to foo | calls.rb:95:7:98:3 | do ... end |
 | calls.rb:226:1:228:3 | call to each | calls.rb:226:1:228:3 | { ... } |
 | calls.rb:229:1:231:3 | call to each | calls.rb:229:1:231:3 | { ... } |
-| calls.rb:290:5:290:23 | call to super | calls.rb:290:11:290:23 | { ... } |
-| calls.rb:291:5:291:26 | call to super | calls.rb:291:11:291:26 | do ... end |
-| calls.rb:292:5:292:30 | call to super | calls.rb:292:16:292:30 | { ... } |
-| calls.rb:293:5:293:33 | call to super | calls.rb:293:16:293:33 | do ... end |
+| calls.rb:290:5:290:23 | super call to my_method | calls.rb:290:11:290:23 | { ... } |
+| calls.rb:291:5:291:26 | super call to my_method | calls.rb:291:11:291:26 | do ... end |
+| calls.rb:292:5:292:30 | super call to my_method | calls.rb:292:16:292:30 | { ... } |
+| calls.rb:293:5:293:33 | super call to my_method | calls.rb:293:16:293:33 | do ... end |
 | calls.rb:340:1:342:3 | call to each | calls.rb:340:1:342:3 | { ... } |
 | calls.rb:364:1:364:23 | call to bar | calls.rb:364:15:364:23 | { ... } |
 | calls.rb:364:1:364:23 | call to bar | calls.rb:364:15:364:23 | { ... } |
@@ -409,31 +409,31 @@ yieldCalls
 | calls.rb:31:3:31:7 | yield ... |
 | calls.rb:36:3:36:16 | yield ... |
 superCalls
-| calls.rb:286:5:286:9 | call to super |
-| calls.rb:287:5:287:11 | call to super |
-| calls.rb:288:5:288:16 | call to super |
-| calls.rb:289:5:289:17 | call to super |
-| calls.rb:290:5:290:23 | call to super |
-| calls.rb:291:5:291:26 | call to super |
-| calls.rb:292:5:292:30 | call to super |
-| calls.rb:293:5:293:33 | call to super |
-| calls.rb:305:5:305:9 | call to super |
-| calls.rb:332:3:332:12 | call to super |
+| calls.rb:286:5:286:9 | super call to my_method |
+| calls.rb:287:5:287:11 | super call to my_method |
+| calls.rb:288:5:288:16 | super call to my_method |
+| calls.rb:289:5:289:17 | super call to my_method |
+| calls.rb:290:5:290:23 | super call to my_method |
+| calls.rb:291:5:291:26 | super call to my_method |
+| calls.rb:292:5:292:30 | super call to my_method |
+| calls.rb:293:5:293:33 | super call to my_method |
+| calls.rb:305:5:305:9 | super call to another_method |
+| calls.rb:332:3:332:12 | super call to foo |
 superCallsWithArguments
-| calls.rb:288:5:288:16 | call to super | 0 | calls.rb:288:11:288:16 | "blah" |
-| calls.rb:289:5:289:17 | call to super | 0 | calls.rb:289:11:289:11 | 1 |
-| calls.rb:289:5:289:17 | call to super | 1 | calls.rb:289:14:289:14 | 2 |
-| calls.rb:289:5:289:17 | call to super | 2 | calls.rb:289:17:289:17 | 3 |
-| calls.rb:292:5:292:30 | call to super | 0 | calls.rb:292:11:292:11 | 4 |
-| calls.rb:292:5:292:30 | call to super | 1 | calls.rb:292:14:292:14 | 5 |
-| calls.rb:293:5:293:33 | call to super | 0 | calls.rb:293:11:293:11 | 6 |
-| calls.rb:293:5:293:33 | call to super | 1 | calls.rb:293:14:293:14 | 7 |
-| calls.rb:332:3:332:12 | call to super | 0 | calls.rb:332:9:332:11 | ... |
+| calls.rb:288:5:288:16 | super call to my_method | 0 | calls.rb:288:11:288:16 | "blah" |
+| calls.rb:289:5:289:17 | super call to my_method | 0 | calls.rb:289:11:289:11 | 1 |
+| calls.rb:289:5:289:17 | super call to my_method | 1 | calls.rb:289:14:289:14 | 2 |
+| calls.rb:289:5:289:17 | super call to my_method | 2 | calls.rb:289:17:289:17 | 3 |
+| calls.rb:292:5:292:30 | super call to my_method | 0 | calls.rb:292:11:292:11 | 4 |
+| calls.rb:292:5:292:30 | super call to my_method | 1 | calls.rb:292:14:292:14 | 5 |
+| calls.rb:293:5:293:33 | super call to my_method | 0 | calls.rb:293:11:293:11 | 6 |
+| calls.rb:293:5:293:33 | super call to my_method | 1 | calls.rb:293:14:293:14 | 7 |
+| calls.rb:332:3:332:12 | super call to foo | 0 | calls.rb:332:9:332:11 | ... |
 superCallsWithBlock
-| calls.rb:290:5:290:23 | call to super | calls.rb:290:11:290:23 | { ... } |
-| calls.rb:291:5:291:26 | call to super | calls.rb:291:11:291:26 | do ... end |
-| calls.rb:292:5:292:30 | call to super | calls.rb:292:16:292:30 | { ... } |
-| calls.rb:293:5:293:33 | call to super | calls.rb:293:16:293:33 | do ... end |
+| calls.rb:290:5:290:23 | super call to my_method | calls.rb:290:11:290:23 | { ... } |
+| calls.rb:291:5:291:26 | super call to my_method | calls.rb:291:11:291:26 | do ... end |
+| calls.rb:292:5:292:30 | super call to my_method | calls.rb:292:16:292:30 | { ... } |
+| calls.rb:293:5:293:33 | super call to my_method | calls.rb:293:16:293:33 | do ... end |
 setterCalls
 | calls.rb:314:1:314:8 | call to foo= |
 | calls.rb:315:1:315:6 | call to []= |
diff --git a/ruby/ql/test/library-tests/controlflow/graph/Cfg.expected b/ruby/ql/test/library-tests/controlflow/graph/Cfg.expected
index e683bccb8da..4ba190343a7 100644
--- a/ruby/ql/test/library-tests/controlflow/graph/Cfg.expected
+++ b/ruby/ql/test/library-tests/controlflow/graph/Cfg.expected
@@ -3049,9 +3049,9 @@ cfg.rb:
 #-----|  -> exit print (normal)
 
 #  147| self
-#-----|  -> call to super
+#-----|  -> super call to print
 
-#  147| call to super
+#  147| super call to print
 #-----|  -> call to print
 
 #  147| call to print
diff --git a/ruby/ql/test/library-tests/controlflow/graph/Nodes.expected b/ruby/ql/test/library-tests/controlflow/graph/Nodes.expected
index b17584ce259..f41b6e34a4d 100644
--- a/ruby/ql/test/library-tests/controlflow/graph/Nodes.expected
+++ b/ruby/ql/test/library-tests/controlflow/graph/Nodes.expected
@@ -31,7 +31,7 @@ callsWithNoArguments
 | cfg.rb:138:17:138:23 | * ... |
 | cfg.rb:141:1:141:8 | call to itself |
 | cfg.rb:143:10:143:21 | call to itself |
-| cfg.rb:147:10:147:14 | call to super |
+| cfg.rb:147:10:147:14 | super call to print |
 | cfg.rb:147:10:147:22 | call to print |
 | cfg.rb:151:9:151:17 | call to new |
 | cfg.rb:158:16:158:21 | * ... |
diff --git a/ruby/ql/test/library-tests/modules/callgraph.expected b/ruby/ql/test/library-tests/modules/callgraph.expected
index afb8b6da172..9a85628fcce 100644
--- a/ruby/ql/test/library-tests/modules/callgraph.expected
+++ b/ruby/ql/test/library-tests/modules/callgraph.expected
@@ -17,7 +17,7 @@ getTarget
 | calls.rb:60:5:60:9 | call to new | calls.rb:117:5:117:16 | new |
 | calls.rb:61:1:61:5 | call to baz | calls.rb:51:5:57:7 | baz |
 | calls.rb:63:1:63:12 | call to instance_m | calls.rb:22:5:24:7 | instance_m |
-| calls.rb:67:9:67:13 | call to super | calls.rb:51:5:57:7 | baz |
+| calls.rb:67:9:67:13 | super call to baz | calls.rb:51:5:57:7 | baz |
 | calls.rb:71:5:71:9 | call to new | calls.rb:117:5:117:16 | new |
 | calls.rb:72:1:72:5 | call to baz | calls.rb:66:5:68:7 | baz |
 | calls.rb:74:1:74:12 | call to instance_m | calls.rb:22:5:24:7 | instance_m |
@@ -235,7 +235,7 @@ getTarget
 | calls.rb:616:1:616:31 | call to call_call_singleton1 | calls.rb:591:5:593:7 | call_call_singleton1 |
 | hello.rb:12:5:12:24 | call to include | calls.rb:108:5:110:7 | include |
 | hello.rb:14:16:14:20 | call to hello | hello.rb:2:5:4:7 | hello |
-| hello.rb:20:16:20:20 | call to super | hello.rb:13:5:15:7 | message |
+| hello.rb:20:16:20:20 | super call to message | hello.rb:13:5:15:7 | message |
 | hello.rb:20:30:20:34 | call to world | hello.rb:5:5:7:7 | world |
 | instance_fields.rb:4:22:4:35 | call to new | calls.rb:117:5:117:16 | new |
 | instance_fields.rb:7:13:7:25 | call to target | instance_fields.rb:12:5:13:7 | target |
diff --git a/ruby/ql/test/library-tests/modules/methods.expected b/ruby/ql/test/library-tests/modules/methods.expected
index 5319fc55377..3f1d52b8f3c 100644
--- a/ruby/ql/test/library-tests/modules/methods.expected
+++ b/ruby/ql/test/library-tests/modules/methods.expected
@@ -638,7 +638,7 @@ enclosingMethod
 | calls.rb:55:9:55:19 | self | calls.rb:51:5:57:7 | baz |
 | calls.rb:56:9:56:12 | self | calls.rb:51:5:57:7 | baz |
 | calls.rb:56:9:56:24 | call to singleton_m | calls.rb:51:5:57:7 | baz |
-| calls.rb:67:9:67:13 | call to super | calls.rb:66:5:68:7 | baz |
+| calls.rb:67:9:67:13 | super call to baz | calls.rb:66:5:68:7 | baz |
 | calls.rb:76:18:76:18 | a | calls.rb:76:1:79:3 | optional_arg |
 | calls.rb:76:18:76:18 | a | calls.rb:76:1:79:3 | optional_arg |
 | calls.rb:76:22:76:22 | 4 | calls.rb:76:1:79:3 | optional_arg |
@@ -975,7 +975,7 @@ enclosingMethod
 | hello.rb:14:16:14:20 | call to hello | hello.rb:13:5:15:7 | message |
 | hello.rb:14:16:14:20 | self | hello.rb:13:5:15:7 | message |
 | hello.rb:20:9:20:40 | return | hello.rb:19:5:21:7 | message |
-| hello.rb:20:16:20:20 | call to super | hello.rb:19:5:21:7 | message |
+| hello.rb:20:16:20:20 | super call to message | hello.rb:19:5:21:7 | message |
 | hello.rb:20:16:20:26 | ... + ... | hello.rb:19:5:21:7 | message |
 | hello.rb:20:16:20:34 | ... + ... | hello.rb:19:5:21:7 | message |
 | hello.rb:20:16:20:40 | ... + ... | hello.rb:19:5:21:7 | message |
diff --git a/ruby/ql/test/library-tests/modules/modules.expected b/ruby/ql/test/library-tests/modules/modules.expected
index 01b81e01efe..45e7cc89d74 100644
--- a/ruby/ql/test/library-tests/modules/modules.expected
+++ b/ruby/ql/test/library-tests/modules/modules.expected
@@ -586,7 +586,7 @@ enclosingModule
 | calls.rb:65:1:69:3 | D | calls.rb:1:1:616:32 | calls.rb |
 | calls.rb:65:11:65:11 | C | calls.rb:1:1:616:32 | calls.rb |
 | calls.rb:66:5:68:7 | baz | calls.rb:65:1:69:3 | D |
-| calls.rb:67:9:67:13 | call to super | calls.rb:65:1:69:3 | D |
+| calls.rb:67:9:67:13 | super call to baz | calls.rb:65:1:69:3 | D |
 | calls.rb:71:1:71:1 | d | calls.rb:1:1:616:32 | calls.rb |
 | calls.rb:71:1:71:9 | ... = ... | calls.rb:1:1:616:32 | calls.rb |
 | calls.rb:71:5:71:5 | D | calls.rb:1:1:616:32 | calls.rb |
@@ -1513,7 +1513,7 @@ enclosingModule
 | hello.rb:18:20:18:27 | Greeting | hello.rb:1:1:22:3 | hello.rb |
 | hello.rb:19:5:21:7 | message | hello.rb:18:1:22:3 | HelloWorld |
 | hello.rb:20:9:20:40 | return | hello.rb:18:1:22:3 | HelloWorld |
-| hello.rb:20:16:20:20 | call to super | hello.rb:18:1:22:3 | HelloWorld |
+| hello.rb:20:16:20:20 | super call to message | hello.rb:18:1:22:3 | HelloWorld |
 | hello.rb:20:16:20:26 | ... + ... | hello.rb:18:1:22:3 | HelloWorld |
 | hello.rb:20:16:20:34 | ... + ... | hello.rb:18:1:22:3 | HelloWorld |
 | hello.rb:20:16:20:40 | ... + ... | hello.rb:18:1:22:3 | HelloWorld |

From 9ef4f122612fa3aaa2782eadb433ce7e72343670 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Wed, 7 Dec 2022 14:12:43 +0100
Subject: [PATCH 18/93] add change-note

---
 ruby/ql/lib/change-notes/2022-12-07-kernel-paths.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 ruby/ql/lib/change-notes/2022-12-07-kernel-paths.md

diff --git a/ruby/ql/lib/change-notes/2022-12-07-kernel-paths.md b/ruby/ql/lib/change-notes/2022-12-07-kernel-paths.md
new file mode 100644
index 00000000000..85761862684
--- /dev/null
+++ b/ruby/ql/lib/change-notes/2022-12-07-kernel-paths.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Calls to `Kernel.load`, `Kernel.require`, `Kernel.autoload` are now modeled as sinks for path injection.

From f09e10f61fdd15634cd25e3bbd1dca556d7e6df9 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Thu, 8 Dec 2022 15:34:26 +0100
Subject: [PATCH 19/93] delete redundant cast

---
 ruby/ql/lib/codeql/ruby/ast/internal/Call.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll
index dfc553fb45d..b6ac243e891 100644
--- a/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll
+++ b/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll
@@ -121,7 +121,7 @@ private Ruby::AstNode getSuperParent(Ruby::Super sup) {
 
 private string getSuperMethodName(Ruby::Super sup) {
   exists(Ruby::Method meth |
-    meth = getSuperParent(sup).getParent().(Ruby::Method) and
+    meth = getSuperParent(sup).getParent() and
     result = any(Method c | toGenerated(c) = meth).getName()
   )
 }

From 17348fbd32315b839a145d066bf8e2fb1e5b1b17 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Wed, 19 Oct 2022 17:06:18 +0100
Subject: [PATCH 20/93] Add android certificate pinning query

---
 .../AndroidCertificatePinningQuery.qll        | 56 +++++++++++++++++++
 .../AndroidMissingCertificatePinning.ql       | 17 ++++++
 2 files changed, 73 insertions(+)
 create mode 100644 java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
 create mode 100644 java/ql/src/experimental/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql

diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
new file mode 100644
index 00000000000..e99bb8d9930
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -0,0 +1,56 @@
+import java
+import semmle.code.xml.AndroidManifest
+import semmle.code.java.dataflow.TaintTracking
+import HttpsUrls
+
+class AndroidNetworkSecurityConfigFile extends XmlFile {
+  AndroidNetworkSecurityConfigFile() {
+    exists(AndroidApplicationXmlElement app, AndroidXmlAttribute confAttr, string confName |
+      confAttr.getElement() = app and
+      confAttr.getValue() = "@xml/" + confName and
+      this.getRelativePath() = "res/xml/" + confName + ".xml" and
+      this.getARootElement().getName() = "network-security-config"
+    )
+  }
+}
+
+predicate isAndroid() { exists(AndroidManifestXmlFile m) }
+
+predicate trustedDomain(string domainName) {
+  exists(
+    AndroidNetworkSecurityConfigFile confFile, XmlElement domConf, XmlElement domain,
+    XmlElement trust
+  |
+    domConf.getFile() = confFile and
+    domConf.getName() = "domain-config" and
+    domain.getParent() = domConf and
+    domain.getName() = "domain" and
+    domain.getACharactersSet().getCharacters() = domainName and
+    trust.getParent() = domConf and
+    trust.getName() = ["trust-anchors", "pin-set"]
+  )
+}
+
+private class UntrustedUrlConfig extends TaintTracking::Configuration {
+  UntrustedUrlConfig() { this = "UntrustedUrlConfig" }
+
+  override predicate isSource(DataFlow::Node node) {
+    exists(string d | trustedDomain(d)) and
+    exists(string lit | lit = node.asExpr().(CompileTimeConstantExpr).getStringValue() |
+      lit.matches("%://%") and // it's a URL
+      not exists(string dom | trustedDomain(dom) and lit.matches("%" + dom + "%"))
+    )
+  }
+
+  override predicate isSink(DataFlow::Node node) { node instanceof UrlOpenSink }
+}
+
+predicate missingPinning(DataFlow::Node node) {
+  isAndroid() and
+  node instanceof UrlOpenSink and
+  (
+    not exists(string s | trustedDomain(s))
+    or
+    exists(UntrustedUrlConfig conf | conf.hasFlow(_, node))
+  )
+}
diff --git a/java/ql/src/experimental/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql b/java/ql/src/experimental/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
new file mode 100644
index 00000000000..c94bd08fd87
--- /dev/null
+++ b/java/ql/src/experimental/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
@@ -0,0 +1,17 @@
+/**
+ * @name Android Missing Certificate Pinning
+ * @description Network communication should use certificate pinning.
+ * @kind problem
+ * @problem.severity warning
+ * @precision medium
+ * @id java/android/missingcertificate-pinning
+ * @tags security
+ *       external/cwe/cwe-295
+ */
+
+import java
+import semmle.code.java.security.AndroidCertificatePinningQuery
+
+from DataFlow::Node node
+where missingPinning(node)
+select node, "This network call does not implement certificate pinning."

From c3da3a9aeff4af06b61287d1d501dbb1cabfc059 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Mon, 7 Nov 2022 13:21:45 +0000
Subject: [PATCH 21/93] Add a bit of additional context to the alert message;
 fix issue with finding the config file

---
 .../java/security/AndroidCertificatePinningQuery.qll |  4 +++-
 .../CWE/CWE-295/AndroidMissingCertificatePinning.ql  | 12 ++++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
index e99bb8d9930..645aa1169c4 100644
--- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -1,3 +1,5 @@
+/** Definitiona for the Android Missing Certificate Pinning query. */
+
 import java
 import semmle.code.xml.AndroidManifest
 import semmle.code.java.dataflow.TaintTracking
@@ -8,7 +10,7 @@ class AndroidNetworkSecurityConfigFile extends XmlFile {
     exists(AndroidApplicationXmlElement app, AndroidXmlAttribute confAttr, string confName |
       confAttr.getElement() = app and
       confAttr.getValue() = "@xml/" + confName and
-      this.getRelativePath() = "res/xml/" + confName + ".xml" and
+      this.getRelativePath().matches("%res/xml/" + confName + ".xml") and
       this.getARootElement().getName() = "network-security-config"
     )
   }
diff --git a/java/ql/src/experimental/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql b/java/ql/src/experimental/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
index c94bd08fd87..60328fac38e 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
@@ -4,7 +4,7 @@
  * @kind problem
  * @problem.severity warning
  * @precision medium
- * @id java/android/missingcertificate-pinning
+ * @id java/android/missing-certificate-pinning
  * @tags security
  *       external/cwe/cwe-295
  */
@@ -12,6 +12,10 @@
 import java
 import semmle.code.java.security.AndroidCertificatePinningQuery
 
-from DataFlow::Node node
-where missingPinning(node)
-select node, "This network call does not implement certificate pinning."
+from DataFlow::Node node, string msg
+where
+  missingPinning(node) and
+  if exists(string x | trustedDomain(x))
+  then msg = "(untrusted domain)"
+  else msg = "(no trusted domains)"
+select node, "This network call does not implement certificate pinning. " + msg

From ea3db5d4294b10e2394391d6c7ee7ac32f64f070 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Mon, 7 Nov 2022 16:05:47 +0000
Subject: [PATCH 22/93] Add test cases

---
 .../Test1/AndroidManifest.xml                 | 10 ++++++++
 .../Test1/Test.java                           | 12 ++++++++++
 .../Test1/options                             |  1 +
 .../Test1/res/xml/NetworkSecurityConfig.xml   |  9 ++++++++
 .../Test1/test.expected                       |  0
 .../Test1/test.ql                             | 23 +++++++++++++++++++
 .../Test2/AndroidManifest.xml                 | 10 ++++++++
 .../Test2/Test.java                           |  8 +++++++
 .../Test2/options                             |  1 +
 .../Test2/res/xml/NetworkSecurityConfig.xml   |  4 ++++
 .../Test2/test.expected                       |  0
 .../Test2/test.ql                             | 23 +++++++++++++++++++
 12 files changed, 101 insertions(+)
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/AndroidManifest.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/Test.java
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/options
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/res/xml/NetworkSecurityConfig.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/test.expected
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/test.ql
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/AndroidManifest.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/Test.java
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/options
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/res/xml/NetworkSecurityConfig.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/test.expected
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/test.ql

diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/AndroidManifest.xml
new file mode 100644
index 00000000000..da5cdabce67
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/AndroidManifest.xml
@@ -0,0 +1,10 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.example.app"
+    android:installLocation="auto"
+    android:versionCode="1"
+    android:versionName="0.1" >
+
+    <application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
+    </application>
+
+</manifest>
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/Test.java
new file mode 100644
index 00000000000..ed141d80521
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/Test.java
@@ -0,0 +1,12 @@
+import java.net.URL;
+import java.net.URLConnection;
+
+class Test{
+    URLConnection test1() throws Exception {
+        return new URL("https://good.example.com").openConnection();
+    }
+
+    URLConnection test2() throws Exception {
+        return new URL("https://bad.example.com").openConnection(); // $hasUntrustedResult
+    }
+}
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/options b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/options
new file mode 100644
index 00000000000..7d1644b057b
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/options
@@ -0,0 +1 @@
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/res/xml/NetworkSecurityConfig.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/res/xml/NetworkSecurityConfig.xml
new file mode 100644
index 00000000000..e2810ff7e1a
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/res/xml/NetworkSecurityConfig.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+    <domain-config>
+        <domain>good.example.com</domain>
+        <pin-set expiration="2038/1/19">
+            <pin digest="SHA-256">...</pin>
+        </pin-set>
+    </domain-config>
+</network-security-config>
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/test.expected b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/test.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/test.ql
new file mode 100644
index 00000000000..22238774af5
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/test.ql
@@ -0,0 +1,23 @@
+import java
+import TestUtilities.InlineExpectationsTest
+import semmle.code.java.security.AndroidCertificatePinningQuery
+
+class Test extends InlineExpectationsTest {
+  Test() { this = "AndroidMissingCertificatePinningTest" }
+
+  override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
+
+  override predicate hasActualResult(Location loc, string el, string tag, string value) {
+    exists(DataFlow::Node node |
+      missingPinning(node) and
+      loc = node.getLocation() and
+      el = node.toString() and
+      value = "" and
+      (
+        if exists(string x | trustedDomain(x))
+        then tag = "hasUntrustedResult"
+        else tag = "hasNoTrustedResult"
+      )
+    )
+  }
+}
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/AndroidManifest.xml
new file mode 100644
index 00000000000..da5cdabce67
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/AndroidManifest.xml
@@ -0,0 +1,10 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.example.app"
+    android:installLocation="auto"
+    android:versionCode="1"
+    android:versionName="0.1" >
+
+    <application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
+    </application>
+
+</manifest>
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/Test.java
new file mode 100644
index 00000000000..9f68c503b46
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/Test.java
@@ -0,0 +1,8 @@
+import java.net.URL;
+import java.net.URLConnection;
+
+class Test{
+    URLConnection test2() throws Exception {
+        return new URL("https://example.com").openConnection(); // $hasNoTrustedResult
+    }
+}
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/options b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/options
new file mode 100644
index 00000000000..7d1644b057b
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/options
@@ -0,0 +1 @@
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/res/xml/NetworkSecurityConfig.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/res/xml/NetworkSecurityConfig.xml
new file mode 100644
index 00000000000..3fd128a05a2
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/res/xml/NetworkSecurityConfig.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+
+</network-security-config>
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/test.expected b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/test.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/test.ql
new file mode 100644
index 00000000000..22238774af5
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/test.ql
@@ -0,0 +1,23 @@
+import java
+import TestUtilities.InlineExpectationsTest
+import semmle.code.java.security.AndroidCertificatePinningQuery
+
+class Test extends InlineExpectationsTest {
+  Test() { this = "AndroidMissingCertificatePinningTest" }
+
+  override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
+
+  override predicate hasActualResult(Location loc, string el, string tag, string value) {
+    exists(DataFlow::Node node |
+      missingPinning(node) and
+      loc = node.getLocation() and
+      el = node.toString() and
+      value = "" and
+      (
+        if exists(string x | trustedDomain(x))
+        then tag = "hasUntrustedResult"
+        else tag = "hasNoTrustedResult"
+      )
+    )
+  }
+}

From da7032d3d62dd31be8eeeb41888333b2b71e8ca1 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Mon, 7 Nov 2022 16:50:34 +0000
Subject: [PATCH 23/93] Add qldoc

---
 .../code/java/security/AndroidCertificatePinningQuery.qll  | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
index 645aa1169c4..afdf694a62b 100644
--- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -1,10 +1,11 @@
-/** Definitiona for the Android Missing Certificate Pinning query. */
+/** Definitions for the Android Missing Certificate Pinning query. */
 
 import java
 import semmle.code.xml.AndroidManifest
 import semmle.code.java.dataflow.TaintTracking
 import HttpsUrls
 
+/** An Android Network Security Configuration XML file. */
 class AndroidNetworkSecurityConfigFile extends XmlFile {
   AndroidNetworkSecurityConfigFile() {
     exists(AndroidApplicationXmlElement app, AndroidXmlAttribute confAttr, string confName |
@@ -16,8 +17,10 @@ class AndroidNetworkSecurityConfigFile extends XmlFile {
   }
 }
 
+/** Holds if this database is of an Android application. */
 predicate isAndroid() { exists(AndroidManifestXmlFile m) }
 
+/** Holds if the given domain name is trusted by the Network Security Configuration XML file. */
 predicate trustedDomain(string domainName) {
   exists(
     AndroidNetworkSecurityConfigFile confFile, XmlElement domConf, XmlElement domain,
@@ -33,6 +36,7 @@ predicate trustedDomain(string domainName) {
   )
 }
 
+/** Configuration for finding uses of non trusted URLs. */
 private class UntrustedUrlConfig extends TaintTracking::Configuration {
   UntrustedUrlConfig() { this = "UntrustedUrlConfig" }
 
@@ -47,6 +51,7 @@ private class UntrustedUrlConfig extends TaintTracking::Configuration {
   override predicate isSink(DataFlow::Node node) { node instanceof UrlOpenSink }
 }
 
+/** Holds if `node` is a network communication call for which certificate pinning is not implemented. */
 predicate missingPinning(DataFlow::Node node) {
   isAndroid() and
   node instanceof UrlOpenSink and

From c32dc1e674ecbb712624fd85380ea6d1d2b9d2b7 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Mon, 14 Nov 2022 10:57:17 +0000
Subject: [PATCH 24/93] Implement okhttp support

---
 .../AndroidCertificatePinningQuery.qll         | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
index afdf694a62b..80549967090 100644
--- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -21,7 +21,7 @@ class AndroidNetworkSecurityConfigFile extends XmlFile {
 predicate isAndroid() { exists(AndroidManifestXmlFile m) }
 
 /** Holds if the given domain name is trusted by the Network Security Configuration XML file. */
-predicate trustedDomain(string domainName) {
+private predicate trustedDomainViaXml(string domainName) {
   exists(
     AndroidNetworkSecurityConfigFile confFile, XmlElement domConf, XmlElement domain,
     XmlElement trust
@@ -36,6 +36,22 @@ predicate trustedDomain(string domainName) {
   )
 }
 
+/** Holds if the given domain name is trusted by an OkHttp `CertificatePinner`. */
+private predicate trustedDomainViaOkHttp(string domainName) {
+  exists(CompileTimeConstantExpr domainExpr, MethodAccess certPinnerAdd |
+    domainExpr.getStringValue().replaceAll("*.", "") = domainName and // strip wildcard patterns like *.example.com
+    certPinnerAdd.getMethod().hasQualifiedName("okhttp3", "CertificatePinner$Builder", "add") and
+    DataFlow::localExprFlow(domainExpr, certPinnerAdd.getArgument(0))
+  )
+}
+
+/** Holds if the given domain name is trusted by some certifiacte pinning implementation. */
+predicate trustedDomain(string domainName) {
+  trustedDomainViaXml(domainName)
+  or
+  trustedDomainViaOkHttp(domainName)
+}
+
 /** Configuration for finding uses of non trusted URLs. */
 private class UntrustedUrlConfig extends TaintTracking::Configuration {
   UntrustedUrlConfig() { this = "UntrustedUrlConfig" }

From 53c4ada88304f92c814504221ad1294d944fb4fd Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Mon, 14 Nov 2022 10:57:32 +0000
Subject: [PATCH 25/93] Add okhttp tests

---
 .../Test3/AndroidManifest.xml                 | 10 ++++++++
 .../Test3/Test.java                           | 17 ++++++++++++++
 .../Test3/options                             |  1 +
 .../Test3/res/xml/NetworkSecurityConfig.xml   |  4 ++++
 .../Test3/test.expected                       |  0
 .../Test3/test.ql                             | 23 +++++++++++++++++++
 6 files changed, 55 insertions(+)
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/AndroidManifest.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/Test.java
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/options
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/res/xml/NetworkSecurityConfig.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/test.expected
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/test.ql

diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/AndroidManifest.xml
new file mode 100644
index 00000000000..da5cdabce67
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/AndroidManifest.xml
@@ -0,0 +1,10 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.example.app"
+    android:installLocation="auto"
+    android:versionCode="1"
+    android:versionName="0.1" >
+
+    <application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
+    </application>
+
+</manifest>
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/Test.java
new file mode 100644
index 00000000000..c6fe9dd4f54
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/Test.java
@@ -0,0 +1,17 @@
+import okhttp3.OkHttpClient;
+import okhttp3.CertificatePinner;
+import okhttp3.Request;
+
+class Test{
+    void test1() throws Exception {
+    CertificatePinner certificatePinner = new CertificatePinner.Builder()
+         .add("good.example.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
+         .build();
+     OkHttpClient client = OkHttpClient.Builder()
+         .certificatePinner(certificatePinner)
+         .build();
+
+     client.newCall(new Request.Builder().url("https://good.example.com").build()).execute();
+     client.newCall(new Request.Builder().url("https://bad.example.com").build()).execute(); // $hasUntrustedResult
+    }
+}
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/options b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/options
new file mode 100644
index 00000000000..1983e5973d9
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/options
@@ -0,0 +1 @@
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0:${testdir}/../../../../../stubs/okhttp-4.9.3
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/res/xml/NetworkSecurityConfig.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/res/xml/NetworkSecurityConfig.xml
new file mode 100644
index 00000000000..3fd128a05a2
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/res/xml/NetworkSecurityConfig.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+
+</network-security-config>
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/test.expected b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/test.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/test.ql
new file mode 100644
index 00000000000..22238774af5
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/test.ql
@@ -0,0 +1,23 @@
+import java
+import TestUtilities.InlineExpectationsTest
+import semmle.code.java.security.AndroidCertificatePinningQuery
+
+class Test extends InlineExpectationsTest {
+  Test() { this = "AndroidMissingCertificatePinningTest" }
+
+  override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
+
+  override predicate hasActualResult(Location loc, string el, string tag, string value) {
+    exists(DataFlow::Node node |
+      missingPinning(node) and
+      loc = node.getLocation() and
+      el = node.toString() and
+      value = "" and
+      (
+        if exists(string x | trustedDomain(x))
+        then tag = "hasUntrustedResult"
+        else tag = "hasNoTrustedResult"
+      )
+    )
+  }
+}

From bb402c497b66e9fa8ad330b907fba7e0f5ec0eb5 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Mon, 14 Nov 2022 14:39:42 +0000
Subject: [PATCH 26/93] Fix typo in dir name

---
 .../Test1/AndroidManifest.xml                                     | 0
 .../Test1/Test.java                                               | 0
 .../Test1/options                                                 | 0
 .../Test1/res/xml/NetworkSecurityConfig.xml                       | 0
 .../Test1/test.expected                                           | 0
 .../Test1/test.ql                                                 | 0
 .../Test2/AndroidManifest.xml                                     | 0
 .../Test2/Test.java                                               | 0
 .../Test2/options                                                 | 0
 .../Test2/res/xml/NetworkSecurityConfig.xml                       | 0
 .../Test2/test.expected                                           | 0
 .../Test2/test.ql                                                 | 0
 .../Test3/AndroidManifest.xml                                     | 0
 .../Test3/Test.java                                               | 0
 .../Test3/options                                                 | 0
 .../Test3/res/xml/NetworkSecurityConfig.xml                       | 0
 .../Test3/test.expected                                           | 0
 .../Test3/test.ql                                                 | 0
 18 files changed, 0 insertions(+), 0 deletions(-)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test1/AndroidManifest.xml (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test1/Test.java (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test1/options (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test1/res/xml/NetworkSecurityConfig.xml (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test1/test.expected (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test1/test.ql (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test2/AndroidManifest.xml (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test2/Test.java (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test2/options (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test2/res/xml/NetworkSecurityConfig.xml (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test2/test.expected (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test2/test.ql (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test3/AndroidManifest.xml (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test3/Test.java (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test3/options (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test3/res/xml/NetworkSecurityConfig.xml (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test3/test.expected (100%)
 rename java/ql/test/query-tests/security/CWE-295/{AndroidMissingCertificatePinning_ => AndroidMissingCertificatePinning}/Test3/test.ql (100%)

diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/AndroidManifest.xml
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/AndroidManifest.xml
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/AndroidManifest.xml
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/Test.java
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/Test.java
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/Test.java
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/options b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/options
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/options
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/options
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/res/xml/NetworkSecurityConfig.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/res/xml/NetworkSecurityConfig.xml
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/res/xml/NetworkSecurityConfig.xml
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/res/xml/NetworkSecurityConfig.xml
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/test.expected b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.expected
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/test.expected
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.expected
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.ql
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test1/test.ql
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.ql
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/AndroidManifest.xml
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/AndroidManifest.xml
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/AndroidManifest.xml
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/Test.java
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/Test.java
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/Test.java
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/options b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/options
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/options
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/options
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/res/xml/NetworkSecurityConfig.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/res/xml/NetworkSecurityConfig.xml
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/res/xml/NetworkSecurityConfig.xml
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/res/xml/NetworkSecurityConfig.xml
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/test.expected b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/test.expected
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/test.expected
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/test.expected
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/test.ql
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test2/test.ql
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/test.ql
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/AndroidManifest.xml
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/AndroidManifest.xml
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/AndroidManifest.xml
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/Test.java
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/Test.java
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/Test.java
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/options b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/options
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/options
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/options
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/res/xml/NetworkSecurityConfig.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/res/xml/NetworkSecurityConfig.xml
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/res/xml/NetworkSecurityConfig.xml
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/res/xml/NetworkSecurityConfig.xml
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/test.expected b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/test.expected
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/test.expected
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/test.expected
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/test.ql
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning_/Test3/test.ql
rename to java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/test.ql

From 4afecf575e389749949ec5a7c3d146ae824ded18 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Mon, 14 Nov 2022 17:38:12 +0000
Subject: [PATCH 27/93] Generate more stubs for okhttp and fix tests. Some
 generated stubs needed to be manually corrected.

---
 .../Test3/Test.java                           |   2 +-
 .../okhttp-4.9.3/javax/net/SocketFactory.java |  17 +
 .../net/ssl/HandshakeCompletedEvent.java      |  24 +
 .../net/ssl/HandshakeCompletedListener.java   |  11 +
 .../javax/net/ssl/HostnameVerifier.java       |  10 +
 .../javax/net/ssl/SNIMatcher.java             |  13 +
 .../javax/net/ssl/SNIServerName.java          |  15 +
 .../javax/net/ssl/SSLParameters.java          |  36 +
 .../javax/net/ssl/SSLSession.java             |  33 +
 .../javax/net/ssl/SSLSessionContext.java      |  16 +
 .../okhttp-4.9.3/javax/net/ssl/SSLSocket.java |  45 ++
 .../javax/net/ssl/SSLSocketFactory.java       |  17 +
 .../javax/net/ssl/TrustManager.java           |   8 +
 .../javax/net/ssl/X509TrustManager.java       |  13 +
 .../javax/security/cert/Certificate.java      |  17 +
 .../javax/security/cert/X509Certificate.java  |  27 +
 .../kotlin/collections/IntIterator.java       |  14 +
 .../kotlin/jvm/functions/Function1.java       |  10 +
 .../kotlin/ranges/ClosedRange.java            |  12 +
 .../kotlin/ranges/IntProgression.java         |  26 +
 .../okhttp-4.9.3/kotlin/ranges/IntRange.java  |  25 +
 .../kotlin/sequences/Sequence.java            |  10 +
 .../okhttp-4.9.3/kotlin/text/FlagEnum.java    |  10 +
 .../okhttp-4.9.3/kotlin/text/MatchGroup.java  |  19 +
 .../kotlin/text/MatchGroupCollection.java     |  12 +
 .../okhttp-4.9.3/kotlin/text/MatchResult.java |  24 +
 .../stubs/okhttp-4.9.3/kotlin/text/Regex.java |  42 ++
 .../okhttp-4.9.3/kotlin/text/RegexOption.java |  12 +
 .../stubs/okhttp-4.9.3/okhttp3/Address.java   |  83 +--
 .../stubs/okhttp-4.9.3/okhttp3/Cache.java     | 152 ++---
 .../okhttp-4.9.3/okhttp3/CacheControl.java    |  84 +--
 .../okhttp3/CertificatePinner.java            |   7 +
 .../stubs/okhttp-4.9.3/okhttp3/Challenge.java |  49 +-
 .../okhttp-4.9.3/okhttp3/CipherSuite.java     |  34 +-
 .../okhttp-4.9.3/okhttp3/ConnectionSpec.java  |  54 +-
 .../stubs/okhttp-4.9.3/okhttp3/Cookie.java    | 103 +--
 .../okhttp-4.9.3/okhttp3/Dispatcher.java      |  72 +-
 .../stubs/okhttp-4.9.3/okhttp3/Handshake.java |  79 +--
 .../stubs/okhttp-4.9.3/okhttp3/HttpUrl.java   | 460 +++----------
 .../stubs/okhttp-4.9.3/okhttp3/MediaType.java |  68 +-
 .../okhttp-4.9.3/okhttp3/OkHttpClient.java    | 633 ++++--------------
 .../stubs/okhttp-4.9.3/okhttp3/Request.java   | 216 ++----
 .../stubs/okhttp-4.9.3/okhttp3/Response.java  | 327 +++------
 .../stubs/okhttp-4.9.3/okhttp3/Route.java     |  41 +-
 .../okhttp-4.9.3/okhttp3/TlsVersion.java      |  24 +-
 .../test/stubs/okhttp-4.9.3/okio/Buffer.java  | 560 ++++------------
 .../stubs/okhttp-4.9.3/okio/ByteString.java   | 339 ++--------
 47 files changed, 1287 insertions(+), 2618 deletions(-)
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/net/SocketFactory.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedEvent.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedListener.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HostnameVerifier.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIMatcher.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIServerName.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLParameters.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSession.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSessionContext.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocket.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocketFactory.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/TrustManager.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/X509TrustManager.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/Certificate.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/X509Certificate.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/kotlin/collections/IntIterator.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/kotlin/jvm/functions/Function1.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/ClosedRange.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntProgression.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntRange.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/kotlin/sequences/Sequence.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/kotlin/text/FlagEnum.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroup.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroupCollection.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchResult.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/kotlin/text/Regex.java
 create mode 100644 java/ql/test/stubs/okhttp-4.9.3/kotlin/text/RegexOption.java

diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/Test.java
index c6fe9dd4f54..6a8ff8ed9d8 100644
--- a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/Test.java
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/Test.java
@@ -7,7 +7,7 @@ class Test{
     CertificatePinner certificatePinner = new CertificatePinner.Builder()
          .add("good.example.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
          .build();
-     OkHttpClient client = OkHttpClient.Builder()
+     OkHttpClient client = new OkHttpClient.Builder()
          .certificatePinner(certificatePinner)
          .build();
 
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/SocketFactory.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/SocketFactory.java
new file mode 100644
index 00000000000..ddab28a7fc8
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/SocketFactory.java
@@ -0,0 +1,17 @@
+// Generated automatically from javax.net.SocketFactory for testing purposes
+
+package javax.net;
+
+import java.net.InetAddress;
+import java.net.Socket;
+
+abstract public class SocketFactory
+{
+    protected SocketFactory(){}
+    public Socket createSocket(){ return null; }
+    public abstract Socket createSocket(InetAddress p0, int p1);
+    public abstract Socket createSocket(InetAddress p0, int p1, InetAddress p2, int p3);
+    public abstract Socket createSocket(String p0, int p1);
+    public abstract Socket createSocket(String p0, int p1, InetAddress p2, int p3);
+    public static SocketFactory getDefault(){ return null; }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedEvent.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedEvent.java
new file mode 100644
index 00000000000..c692761701e
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedEvent.java
@@ -0,0 +1,24 @@
+// Generated automatically from javax.net.ssl.HandshakeCompletedEvent for testing purposes
+
+package javax.net.ssl;
+
+import java.security.Principal;
+import java.security.cert.Certificate;
+import java.util.EventObject;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.security.cert.X509Certificate;
+
+public class HandshakeCompletedEvent extends EventObject
+{
+    protected HandshakeCompletedEvent() { super(null); } // manually corrected
+    public Certificate[] getLocalCertificates(){ return null; }
+    public Certificate[] getPeerCertificates(){ return null; }
+    public HandshakeCompletedEvent(SSLSocket p0, SSLSession p1){ super(null); } // manually corrected
+    public Principal getLocalPrincipal(){ return null; }
+    public Principal getPeerPrincipal(){ return null; }
+    public SSLSession getSession(){ return null; }
+    public SSLSocket getSocket(){ return null; }
+    public String getCipherSuite(){ return null; }
+    public X509Certificate[] getPeerCertificateChain(){ return null; }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedListener.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedListener.java
new file mode 100644
index 00000000000..c920530baef
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HandshakeCompletedListener.java
@@ -0,0 +1,11 @@
+// Generated automatically from javax.net.ssl.HandshakeCompletedListener for testing purposes
+
+package javax.net.ssl;
+
+import java.util.EventListener;
+import javax.net.ssl.HandshakeCompletedEvent;
+
+public interface HandshakeCompletedListener extends EventListener
+{
+    void handshakeCompleted(HandshakeCompletedEvent p0);
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HostnameVerifier.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HostnameVerifier.java
new file mode 100644
index 00000000000..891b2623061
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/HostnameVerifier.java
@@ -0,0 +1,10 @@
+// Generated automatically from javax.net.ssl.HostnameVerifier for testing purposes
+
+package javax.net.ssl;
+
+import javax.net.ssl.SSLSession;
+
+public interface HostnameVerifier
+{
+    boolean verify(String p0, SSLSession p1);
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIMatcher.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIMatcher.java
new file mode 100644
index 00000000000..4a346519f18
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIMatcher.java
@@ -0,0 +1,13 @@
+// Generated automatically from javax.net.ssl.SNIMatcher for testing purposes
+
+package javax.net.ssl;
+
+import javax.net.ssl.SNIServerName;
+
+abstract public class SNIMatcher
+{
+    protected SNIMatcher() {}
+    protected SNIMatcher(int p0){}
+    public abstract boolean matches(SNIServerName p0);
+    public final int getType(){ return 0; }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIServerName.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIServerName.java
new file mode 100644
index 00000000000..119f884b2e6
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SNIServerName.java
@@ -0,0 +1,15 @@
+// Generated automatically from javax.net.ssl.SNIServerName for testing purposes
+
+package javax.net.ssl;
+
+
+abstract public class SNIServerName
+{
+    protected SNIServerName() {}
+    protected SNIServerName(int p0, byte[] p1){}
+    public String toString(){ return null; }
+    public boolean equals(Object p0){ return false; }
+    public final byte[] getEncoded(){ return null; }
+    public final int getType(){ return 0; }
+    public int hashCode(){ return 0; }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLParameters.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLParameters.java
new file mode 100644
index 00000000000..522fde0d61f
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLParameters.java
@@ -0,0 +1,36 @@
+// Generated automatically from javax.net.ssl.SSLParameters for testing purposes
+
+package javax.net.ssl;
+
+import java.security.AlgorithmConstraints;
+import java.util.Collection;
+import java.util.List;
+import javax.net.ssl.SNIMatcher;
+import javax.net.ssl.SNIServerName;
+
+public class SSLParameters
+{
+    public AlgorithmConstraints getAlgorithmConstraints(){ return null; }
+    public SSLParameters(){}
+    public SSLParameters(String[] p0){}
+    public SSLParameters(String[] p0, String[] p1){}
+    public String getEndpointIdentificationAlgorithm(){ return null; }
+    public String[] getApplicationProtocols(){ return null; }
+    public String[] getCipherSuites(){ return null; }
+    public String[] getProtocols(){ return null; }
+    public boolean getNeedClientAuth(){ return false; }
+    public boolean getWantClientAuth(){ return false; }
+    public final Collection<SNIMatcher> getSNIMatchers(){ return null; }
+    public final List<SNIServerName> getServerNames(){ return null; }
+    public final boolean getUseCipherSuitesOrder(){ return false; }
+    public final void setSNIMatchers(Collection<SNIMatcher> p0){}
+    public final void setServerNames(List<SNIServerName> p0){}
+    public final void setUseCipherSuitesOrder(boolean p0){}
+    public void setAlgorithmConstraints(AlgorithmConstraints p0){}
+    public void setApplicationProtocols(String[] p0){}
+    public void setCipherSuites(String[] p0){}
+    public void setEndpointIdentificationAlgorithm(String p0){}
+    public void setNeedClientAuth(boolean p0){}
+    public void setProtocols(String[] p0){}
+    public void setWantClientAuth(boolean p0){}
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSession.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSession.java
new file mode 100644
index 00000000000..9afb7abecb3
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSession.java
@@ -0,0 +1,33 @@
+// Generated automatically from javax.net.ssl.SSLSession for testing purposes
+
+package javax.net.ssl;
+
+import java.security.Principal;
+import java.security.cert.Certificate;
+import javax.net.ssl.SSLSessionContext;
+import javax.security.cert.X509Certificate;
+
+public interface SSLSession
+{
+    Certificate[] getLocalCertificates();
+    Certificate[] getPeerCertificates();
+    Object getValue(String p0);
+    Principal getLocalPrincipal();
+    Principal getPeerPrincipal();
+    SSLSessionContext getSessionContext();
+    String getCipherSuite();
+    String getPeerHost();
+    String getProtocol();
+    String[] getValueNames();
+    X509Certificate[] getPeerCertificateChain();
+    boolean isValid();
+    byte[] getId();
+    int getApplicationBufferSize();
+    int getPacketBufferSize();
+    int getPeerPort();
+    long getCreationTime();
+    long getLastAccessedTime();
+    void invalidate();
+    void putValue(String p0, Object p1);
+    void removeValue(String p0);
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSessionContext.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSessionContext.java
new file mode 100644
index 00000000000..c0d9c6ef650
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSessionContext.java
@@ -0,0 +1,16 @@
+// Generated automatically from javax.net.ssl.SSLSessionContext for testing purposes
+
+package javax.net.ssl;
+
+import java.util.Enumeration;
+import javax.net.ssl.SSLSession;
+
+public interface SSLSessionContext
+{
+    Enumeration<byte[]> getIds();
+    SSLSession getSession(byte[] p0);
+    int getSessionCacheSize();
+    int getSessionTimeout();
+    void setSessionCacheSize(int p0);
+    void setSessionTimeout(int p0);
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocket.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocket.java
new file mode 100644
index 00000000000..2145c1b8c37
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocket.java
@@ -0,0 +1,45 @@
+// Generated automatically from javax.net.ssl.SSLSocket for testing purposes
+
+package javax.net.ssl;
+
+import java.net.InetAddress;
+import java.net.Socket;
+import java.util.List;
+import java.util.function.BiFunction;
+import javax.net.ssl.HandshakeCompletedListener;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLSession;
+
+abstract public class SSLSocket extends Socket
+{
+    protected SSLSocket(){}
+    protected SSLSocket(InetAddress p0, int p1){}
+    protected SSLSocket(InetAddress p0, int p1, InetAddress p2, int p3){}
+    protected SSLSocket(String p0, int p1){}
+    protected SSLSocket(String p0, int p1, InetAddress p2, int p3){}
+    public BiFunction<SSLSocket, List<String>, String> getHandshakeApplicationProtocolSelector(){ return null; }
+    public SSLParameters getSSLParameters(){ return null; }
+    public SSLSession getHandshakeSession(){ return null; }
+    public String getApplicationProtocol(){ return null; }
+    public String getHandshakeApplicationProtocol(){ return null; }
+    public abstract SSLSession getSession();
+    public abstract String[] getEnabledCipherSuites();
+    public abstract String[] getEnabledProtocols();
+    public abstract String[] getSupportedCipherSuites();
+    public abstract String[] getSupportedProtocols();
+    public abstract boolean getEnableSessionCreation();
+    public abstract boolean getNeedClientAuth();
+    public abstract boolean getUseClientMode();
+    public abstract boolean getWantClientAuth();
+    public abstract void addHandshakeCompletedListener(HandshakeCompletedListener p0);
+    public abstract void removeHandshakeCompletedListener(HandshakeCompletedListener p0);
+    public abstract void setEnableSessionCreation(boolean p0);
+    public abstract void setEnabledCipherSuites(String[] p0);
+    public abstract void setEnabledProtocols(String[] p0);
+    public abstract void setNeedClientAuth(boolean p0);
+    public abstract void setUseClientMode(boolean p0);
+    public abstract void setWantClientAuth(boolean p0);
+    public abstract void startHandshake();
+    public void setHandshakeApplicationProtocolSelector(BiFunction<SSLSocket, List<String>, String> p0){}
+    public void setSSLParameters(SSLParameters p0){}
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocketFactory.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocketFactory.java
new file mode 100644
index 00000000000..47c40526842
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/SSLSocketFactory.java
@@ -0,0 +1,17 @@
+// Generated automatically from javax.net.ssl.SSLSocketFactory for testing purposes
+
+package javax.net.ssl;
+
+import java.io.InputStream;
+import java.net.Socket;
+import javax.net.SocketFactory;
+
+abstract public class SSLSocketFactory extends SocketFactory
+{
+    public SSLSocketFactory(){}
+    public Socket createSocket(Socket p0, InputStream p1, boolean p2){ return null; }
+    public abstract Socket createSocket(Socket p0, String p1, int p2, boolean p3);
+    public abstract String[] getDefaultCipherSuites();
+    public abstract String[] getSupportedCipherSuites();
+    public static SocketFactory getDefault(){ return null; }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/TrustManager.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/TrustManager.java
new file mode 100644
index 00000000000..6698b99ac42
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/TrustManager.java
@@ -0,0 +1,8 @@
+// Generated automatically from javax.net.ssl.TrustManager for testing purposes
+
+package javax.net.ssl;
+
+
+public interface TrustManager
+{
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/X509TrustManager.java b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/X509TrustManager.java
new file mode 100644
index 00000000000..45a0aa5867a
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/net/ssl/X509TrustManager.java
@@ -0,0 +1,13 @@
+// Generated automatically from javax.net.ssl.X509TrustManager for testing purposes
+
+package javax.net.ssl;
+
+import java.security.cert.X509Certificate;
+import javax.net.ssl.TrustManager;
+
+public interface X509TrustManager extends TrustManager
+{
+    X509Certificate[] getAcceptedIssuers();
+    void checkClientTrusted(X509Certificate[] p0, String p1);
+    void checkServerTrusted(X509Certificate[] p0, String p1);
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/Certificate.java b/java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/Certificate.java
new file mode 100644
index 00000000000..56545088a1b
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/Certificate.java
@@ -0,0 +1,17 @@
+// Generated automatically from javax.security.cert.Certificate for testing purposes
+
+package javax.security.cert;
+
+import java.security.PublicKey;
+
+abstract public class Certificate
+{
+    public Certificate(){}
+    public abstract PublicKey getPublicKey();
+    public abstract String toString();
+    public abstract byte[] getEncoded();
+    public abstract void verify(PublicKey p0);
+    public abstract void verify(PublicKey p0, String p1);
+    public boolean equals(Object p0){ return false; }
+    public int hashCode(){ return 0; }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/X509Certificate.java b/java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/X509Certificate.java
new file mode 100644
index 00000000000..ab526d827a3
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/javax/security/cert/X509Certificate.java
@@ -0,0 +1,27 @@
+// Generated automatically from javax.security.cert.X509Certificate for testing purposes
+
+package javax.security.cert;
+
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.util.Date;
+import javax.security.cert.Certificate;
+
+abstract public class X509Certificate extends Certificate
+{
+    public X509Certificate(){}
+    public abstract BigInteger getSerialNumber();
+    public abstract Date getNotAfter();
+    public abstract Date getNotBefore();
+    public abstract Principal getIssuerDN();
+    public abstract Principal getSubjectDN();
+    public abstract String getSigAlgName();
+    public abstract String getSigAlgOID();
+    public abstract byte[] getSigAlgParams();
+    public abstract int getVersion();
+    public abstract void checkValidity();
+    public abstract void checkValidity(Date p0);
+    public static X509Certificate getInstance(InputStream p0){ return null; }
+    public static X509Certificate getInstance(byte[] p0){ return null; }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/collections/IntIterator.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/collections/IntIterator.java
new file mode 100644
index 00000000000..87ed291f07d
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/collections/IntIterator.java
@@ -0,0 +1,14 @@
+// Generated automatically from kotlin.collections.IntIterator for testing purposes
+
+package kotlin.collections;
+
+import java.util.Iterator;
+import kotlin.jvm.internal.markers.KMappedMarker;
+
+abstract public class IntIterator implements Iterator<Integer>, KMappedMarker
+{
+    public IntIterator(){}
+    public abstract int nextInt();
+    public final Integer next(){ return null; }
+    public void remove(){}
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/jvm/functions/Function1.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/jvm/functions/Function1.java
new file mode 100644
index 00000000000..775d4d8369b
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/jvm/functions/Function1.java
@@ -0,0 +1,10 @@
+// Generated automatically from kotlin.jvm.functions.Function1 for testing purposes
+
+package kotlin.jvm.functions;
+
+import kotlin.Function;
+
+public interface Function1<P1, R> extends Function<R>
+{
+    R invoke(P1 p0);
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/ClosedRange.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/ClosedRange.java
new file mode 100644
index 00000000000..36880bd56db
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/ClosedRange.java
@@ -0,0 +1,12 @@
+// Generated automatically from kotlin.ranges.ClosedRange for testing purposes
+
+package kotlin.ranges;
+
+
+public interface ClosedRange<T extends Comparable<? super T>>
+{
+    T getEndInclusive();
+    T getStart();
+    boolean contains(T p0);
+    boolean isEmpty();
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntProgression.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntProgression.java
new file mode 100644
index 00000000000..3cf69027397
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntProgression.java
@@ -0,0 +1,26 @@
+// Generated automatically from kotlin.ranges.IntProgression for testing purposes
+
+package kotlin.ranges;
+
+import kotlin.collections.IntIterator;
+import kotlin.jvm.internal.markers.KMappedMarker;
+
+public class IntProgression implements Iterable<Integer>, KMappedMarker
+{
+    protected IntProgression() {}
+    public IntIterator iterator(){ return null; }
+    public IntProgression(int p0, int p1, int p2){}
+    public String toString(){ return null; }
+    public boolean equals(Object p0){ return false; }
+    public boolean isEmpty(){ return false; }
+    public final int getFirst(){ return 0; }
+    public final int getLast(){ return 0; }
+    public final int getStep(){ return 0; }
+    public int hashCode(){ return 0; }
+    public static IntProgression.Companion Companion = null;
+    static public class Companion
+    {
+        protected Companion() {}
+        public final IntProgression fromClosedRange(int p0, int p1, int p2){ return null; }
+    }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntRange.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntRange.java
new file mode 100644
index 00000000000..eebf2a6fd34
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/ranges/IntRange.java
@@ -0,0 +1,25 @@
+// Generated automatically from kotlin.ranges.IntRange for testing purposes
+
+package kotlin.ranges;
+
+import kotlin.ranges.ClosedRange;
+import kotlin.ranges.IntProgression;
+
+public class IntRange extends IntProgression implements ClosedRange<Integer>
+{
+    protected IntRange() {}
+    public IntRange(int p0, int p1){}
+    public Integer getEndInclusive(){ return null; }
+    public Integer getStart(){ return null; }
+    public String toString(){ return null; }
+    public boolean contains(Integer p0){ return false; } // manually corrected
+    public boolean equals(Object p0){ return false; }
+    public boolean isEmpty(){ return false; }
+    public int hashCode(){ return 0; }
+    public static IntRange.Companion Companion = null;
+    static public class Companion
+    {
+        protected Companion() {}
+        public final IntRange getEMPTY(){ return null; }
+    }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/sequences/Sequence.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/sequences/Sequence.java
new file mode 100644
index 00000000000..6f57a5a443a
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/sequences/Sequence.java
@@ -0,0 +1,10 @@
+// Generated automatically from kotlin.sequences.Sequence for testing purposes
+
+package kotlin.sequences;
+
+import java.util.Iterator;
+
+public interface Sequence<T>
+{
+    Iterator<T> iterator();
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/FlagEnum.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/FlagEnum.java
new file mode 100644
index 00000000000..8ec20898544
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/FlagEnum.java
@@ -0,0 +1,10 @@
+// Generated automatically from kotlin.text.FlagEnum for testing purposes
+
+package kotlin.text;
+
+
+interface FlagEnum
+{
+    int getMask();
+    int getValue();
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroup.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroup.java
new file mode 100644
index 00000000000..e90a0ea9264
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroup.java
@@ -0,0 +1,19 @@
+// Generated automatically from kotlin.text.MatchGroup for testing purposes
+
+package kotlin.text;
+
+import kotlin.ranges.IntRange;
+
+public class MatchGroup
+{
+    protected MatchGroup() {}
+    public MatchGroup(String p0, IntRange p1){}
+    public String toString(){ return null; }
+    public boolean equals(Object p0){ return false; }
+    public final IntRange component2(){ return null; }
+    public final IntRange getRange(){ return null; }
+    public final MatchGroup copy(String p0, IntRange p1){ return null; }
+    public final String component1(){ return null; }
+    public final String getValue(){ return null; }
+    public int hashCode(){ return 0; }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroupCollection.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroupCollection.java
new file mode 100644
index 00000000000..ca401ed1a98
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchGroupCollection.java
@@ -0,0 +1,12 @@
+// Generated automatically from kotlin.text.MatchGroupCollection for testing purposes
+
+package kotlin.text;
+
+import java.util.Collection;
+import kotlin.jvm.internal.markers.KMappedMarker;
+import kotlin.text.MatchGroup;
+
+public interface MatchGroupCollection extends Collection<MatchGroup>, KMappedMarker
+{
+    MatchGroup get(int p0);
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchResult.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchResult.java
new file mode 100644
index 00000000000..888b629712c
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/MatchResult.java
@@ -0,0 +1,24 @@
+// Generated automatically from kotlin.text.MatchResult for testing purposes
+
+package kotlin.text;
+
+import java.util.List;
+import kotlin.ranges.IntRange;
+import kotlin.text.MatchGroupCollection;
+
+public interface MatchResult
+{
+    IntRange getRange();
+    List<String> getGroupValues();
+    MatchGroupCollection getGroups();
+    MatchResult next();
+    MatchResult.Destructured getDestructured();
+    String getValue();
+    static public class Destructured
+    {
+        protected Destructured() {}
+        public Destructured(MatchResult p0){}
+        public final List<String> toList(){ return null; }
+        public final MatchResult getMatch(){ return null; }
+    }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/Regex.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/Regex.java
new file mode 100644
index 00000000000..f587f461b2e
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/Regex.java
@@ -0,0 +1,42 @@
+// Generated automatically from kotlin.text.Regex for testing purposes
+
+package kotlin.text;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Set;
+import java.util.regex.Pattern;
+import kotlin.jvm.functions.Function1;
+import kotlin.sequences.Sequence;
+import kotlin.text.MatchResult;
+import kotlin.text.RegexOption;
+
+public class Regex implements Serializable
+{
+    protected Regex() {}
+    public Regex(Pattern p0){}
+    public Regex(String p0){}
+    public Regex(String p0, RegexOption p1){}
+    public Regex(String p0, Set<? extends RegexOption> p1){}
+    public String toString(){ return null; }
+    public final List<String> split(CharSequence p0, int p1){ return null; }
+    public final MatchResult find(CharSequence p0, int p1){ return null; }
+    public final MatchResult matchEntire(CharSequence p0){ return null; }
+    public final Pattern toPattern(){ return null; }
+    public final Sequence<MatchResult> findAll(CharSequence p0, int p1){ return null; }
+    public final Set<RegexOption> getOptions(){ return null; }
+    public final String getPattern(){ return null; }
+    public final String replace(CharSequence p0, Function1<? super MatchResult, ? extends CharSequence> p1){ return null; }
+    public final String replace(CharSequence p0, String p1){ return null; }
+    public final String replaceFirst(CharSequence p0, String p1){ return null; }
+    public final boolean containsMatchIn(CharSequence p0){ return false; }
+    public final boolean matches(CharSequence p0){ return false; }
+    public static Regex.Companion Companion = null;
+    static public class Companion
+    {
+        protected Companion() {}
+        public final Regex fromLiteral(String p0){ return null; }
+        public final String escape(String p0){ return null; }
+        public final String escapeReplacement(String p0){ return null; }
+    }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/RegexOption.java b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/RegexOption.java
new file mode 100644
index 00000000000..7cc222eb40a
--- /dev/null
+++ b/java/ql/test/stubs/okhttp-4.9.3/kotlin/text/RegexOption.java
@@ -0,0 +1,12 @@
+// Generated automatically from kotlin.text.RegexOption for testing purposes
+
+package kotlin.text;
+
+
+public enum RegexOption
+{
+    CANON_EQ, COMMENTS, DOT_MATCHES_ALL, IGNORE_CASE, LITERAL, MULTILINE, UNIX_LINES;
+    private RegexOption() {}
+    public int getMask(){ return 0; }
+    public int getValue(){ return 0; }
+}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Address.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Address.java
index aa50e384773..b28b7349323 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Address.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Address.java
@@ -15,70 +15,23 @@ import okhttp3.Dns;
 import okhttp3.HttpUrl;
 import okhttp3.Protocol;
 
-public class Address {
+public class Address
+{
     protected Address() {}
-
-    public Address(String p0, int p1, Dns p2, SocketFactory p3, SSLSocketFactory p4,
-            HostnameVerifier p5, CertificatePinner p6, Authenticator p7, Proxy p8,
-            List<? extends Protocol> p9, List<ConnectionSpec> p10, ProxySelector p11) {}
-
-    public String toString() {
-        return null;
-    }
-
-    public boolean equals(Object p0) {
-        return false;
-    }
-
-    public final Authenticator proxyAuthenticator() {
-        return null;
-    }
-
-    public final CertificatePinner certificatePinner() {
-        return null;
-    }
-
-    public final Dns dns() {
-        return null;
-    }
-
-    public final HostnameVerifier hostnameVerifier() {
-        return null;
-    }
-
-    public final HttpUrl url() {
-        return null;
-    }
-
-    public final List<ConnectionSpec> connectionSpecs() {
-        return null;
-    }
-
-    public final List<Protocol> protocols() {
-        return null;
-    }
-
-    public final Proxy proxy() {
-        return null;
-    }
-
-    public final ProxySelector proxySelector() {
-        return null;
-    }
-
-    public final SSLSocketFactory sslSocketFactory() {
-        return null;
-    }
-
-    public final SocketFactory socketFactory() {
-        return null;
-    }
-
-    public final boolean equalsNonHost$okhttp(Address p0) {
-        return false;
-    }
-
-    public int hashCode() {
-        return 0;
-    }
+    public Address(String p0, int p1, Dns p2, SocketFactory p3, SSLSocketFactory p4, HostnameVerifier p5, CertificatePinner p6, Authenticator p7, Proxy p8, List<? extends Protocol> p9, List<ConnectionSpec> p10, ProxySelector p11){}
+    public String toString(){ return null; }
+    public boolean equals(Object p0){ return false; }
+    public final Authenticator proxyAuthenticator(){ return null; }
+    public final CertificatePinner certificatePinner(){ return null; }
+    public final Dns dns(){ return null; }
+    public final HostnameVerifier hostnameVerifier(){ return null; }
+    public final HttpUrl url(){ return null; }
+    public final List<ConnectionSpec> connectionSpecs(){ return null; }
+    public final List<Protocol> protocols(){ return null; }
+    public final Proxy proxy(){ return null; }
+    public final ProxySelector proxySelector(){ return null; }
+    public final SSLSocketFactory sslSocketFactory(){ return null; }
+    public final SocketFactory socketFactory(){ return null; }
+    public final boolean equalsNonHost$okhttp(Address p0){ return false; }
+    public int hashCode(){ return 0; }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cache.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cache.java
index 789ff82e4f8..51980a27f0e 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cache.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cache.java
@@ -16,122 +16,46 @@ import okhttp3.internal.cache.DiskLruCache;
 import okhttp3.internal.io.FileSystem;
 import okio.BufferedSource;
 
-public class Cache implements Closeable, Flushable {
+public class Cache implements Closeable, Flushable
+{
     protected Cache() {}
-
-    public Cache(File p0, long p1) {}
-
-    public Cache(File p0, long p1, FileSystem p2) {}
-
-    public final CacheRequest put$okhttp(Response p0) {
-        return null;
-    }
-
-    public final DiskLruCache getCache$okhttp() {
-        return null;
-    }
-
-    public final File directory() {
-        return null;
-    }
-
-    public final Iterator<String> urls() {
-        return null;
-    }
-
-    public final Response get$okhttp(Request p0) {
-        return null;
-    }
-
-    public final boolean isClosed() {
-        return false;
-    }
-
-    public final int getWriteAbortCount$okhttp() {
-        return 0;
-    }
-
-    public final int getWriteSuccessCount$okhttp() {
-        return 0;
-    }
-
-    public final int hitCount() {
-        return 0;
-    }
-
-    public final int networkCount() {
-        return 0;
-    }
-
-    public final int requestCount() {
-        return 0;
-    }
-
-    public final int writeAbortCount() {
-        return 0;
-    }
-
-    public final int writeSuccessCount() {
-        return 0;
-    }
-
-    public final long maxSize() {
-        return 0;
-    }
-
-    public final long size() {
-        return 0;
-    }
-
-    public final void delete() {}
-
-    public final void evictAll() {}
-
-    public final void initialize() {}
-
-    public final void remove$okhttp(Request p0) {}
-
-    public final void setWriteAbortCount$okhttp(int p0) {}
-
-    public final void setWriteSuccessCount$okhttp(int p0) {}
-
-    public final void trackConditionalCacheHit$okhttp() {}
-
-    public final void trackResponse$okhttp(CacheStrategy p0) {}
-
-    public final void update$okhttp(Response p0, Response p1) {}
-
+    public Cache(File p0, long p1){}
+    public Cache(File p0, long p1, FileSystem p2){}
+    public final CacheRequest put$okhttp(Response p0){ return null; }
+    public final DiskLruCache getCache$okhttp(){ return null; }
+    public final File directory(){ return null; }
+    public final Iterator<String> urls(){ return null; }
+    public final Response get$okhttp(Request p0){ return null; }
+    public final boolean isClosed(){ return false; }
+    public final int getWriteAbortCount$okhttp(){ return 0; }
+    public final int getWriteSuccessCount$okhttp(){ return 0; }
+    public final int hitCount(){ return 0; }
+    public final int networkCount(){ return 0; }
+    public final int requestCount(){ return 0; }
+    public final int writeAbortCount(){ return 0; }
+    public final int writeSuccessCount(){ return 0; }
+    public final long maxSize(){ return 0; }
+    public final long size(){ return 0; }
+    public final void delete(){}
+    public final void evictAll(){}
+    public final void initialize(){}
+    public final void remove$okhttp(Request p0){}
+    public final void setWriteAbortCount$okhttp(int p0){}
+    public final void setWriteSuccessCount$okhttp(int p0){}
+    public final void trackConditionalCacheHit$okhttp(){}
+    public final void trackResponse$okhttp(CacheStrategy p0){}
+    public final void update$okhttp(Response p0, Response p1){}
     public static Cache.Companion Companion = null;
-
-    public static String key(HttpUrl p0) {
-        return null;
-    }
-
-    public void close() {}
-
-    public void flush() {}
-
-    static public class Companion {
+    public static String key(HttpUrl p0){ return null; }
+    public void close(){}
+    public void flush(){}
+    static public class Companion
+    {
         protected Companion() {}
-
-        public final Headers varyHeaders(Response p0) {
-            return null;
-        }
-
-        public final String key(HttpUrl p0) {
-            return null;
-        }
-
-        public final boolean hasVaryAll(Response p0) {
-            return false;
-        }
-
-        public final boolean varyMatches(Response p0, Headers p1, Request p2) {
-            return false;
-        }
-
-        public final int readInt$okhttp(BufferedSource p0) {
-            return 0;
-        }
+        public final Headers varyHeaders(Response p0){ return null; }
+        public final String key(HttpUrl p0){ return null; }
+        public final boolean hasVaryAll(Response p0){ return false; }
+        public final boolean varyMatches(Response p0, Headers p1, Request p2){ return false; }
+        public final int readInt$okhttp(BufferedSource p0){ return 0; }
     }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CacheControl.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CacheControl.java
index 564f1cad733..80282b01ec3 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CacheControl.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CacheControl.java
@@ -4,75 +4,29 @@ package okhttp3;
 
 import okhttp3.Headers;
 
-public class CacheControl {
+public class CacheControl
+{
     protected CacheControl() {}
-
-    public String toString() {
-        return null;
-    }
-
-    public final boolean immutable() {
-        return false;
-    }
-
-    public final boolean isPrivate() {
-        return false;
-    }
-
-    public final boolean isPublic() {
-        return false;
-    }
-
-    public final boolean mustRevalidate() {
-        return false;
-    }
-
-    public final boolean noCache() {
-        return false;
-    }
-
-    public final boolean noStore() {
-        return false;
-    }
-
-    public final boolean noTransform() {
-        return false;
-    }
-
-    public final boolean onlyIfCached() {
-        return false;
-    }
-
-    public final int maxAgeSeconds() {
-        return 0;
-    }
-
-    public final int maxStaleSeconds() {
-        return 0;
-    }
-
-    public final int minFreshSeconds() {
-        return 0;
-    }
-
-    public final int sMaxAgeSeconds() {
-        return 0;
-    }
-
+    public String toString(){ return null; }
+    public final boolean immutable(){ return false; }
+    public final boolean isPrivate(){ return false; }
+    public final boolean isPublic(){ return false; }
+    public final boolean mustRevalidate(){ return false; }
+    public final boolean noCache(){ return false; }
+    public final boolean noStore(){ return false; }
+    public final boolean noTransform(){ return false; }
+    public final boolean onlyIfCached(){ return false; }
+    public final int maxAgeSeconds(){ return 0; }
+    public final int maxStaleSeconds(){ return 0; }
+    public final int minFreshSeconds(){ return 0; }
+    public final int sMaxAgeSeconds(){ return 0; }
     public static CacheControl FORCE_CACHE = null;
     public static CacheControl FORCE_NETWORK = null;
-
-    public static CacheControl parse(Headers p0) {
-        return null;
-    }
-
+    public static CacheControl parse(Headers p0){ return null; }
     public static CacheControl.Companion Companion = null;
-
-    static public class Companion {
+    static public class Companion
+    {
         protected Companion() {}
-
-        public final CacheControl parse(Headers p0) {
-            return null;
-        }
+        public final CacheControl parse(Headers p0){ return null; }
     }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CertificatePinner.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CertificatePinner.java
index 15e83d72f46..09e607247f4 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CertificatePinner.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CertificatePinner.java
@@ -28,6 +28,13 @@ public class CertificatePinner
     public static CertificatePinner DEFAULT = null;
     public static CertificatePinner.Companion Companion = null;
     public static String pin(Certificate p0){ return null; }
+    static public class Builder
+    {
+        public Builder(){}
+        public final CertificatePinner build(){ return null; }
+        public final CertificatePinner.Builder add(String p0, String... p1){ return null; }
+        public final List<CertificatePinner.Pin> getPins(){ return null; }
+    }
     static public class Companion
     {
         protected Companion() {}
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Challenge.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Challenge.java
index f64fe1436b4..1d9ea8eff1c 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Challenge.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Challenge.java
@@ -5,42 +5,17 @@ package okhttp3;
 import java.nio.charset.Charset;
 import java.util.Map;
 
-public class Challenge {
+public class Challenge
+{
     protected Challenge() {}
-
-    public Challenge(String p0, Map<String, String> p1) {}
-
-    public Challenge(String p0, String p1) {}
-
-    public String toString() {
-        return null;
-    }
-
-    public boolean equals(Object p0) {
-        return false;
-    }
-
-    public final Challenge withCharset(Charset p0) {
-        return null;
-    }
-
-    public final Charset charset() {
-        return null;
-    }
-
-    public final Map<String, String> authParams() {
-        return null;
-    }
-
-    public final String realm() {
-        return null;
-    }
-
-    public final String scheme() {
-        return null;
-    }
-
-    public int hashCode() {
-        return 0;
-    }
+    public Challenge(String p0, Map<String, String> p1){}
+    public Challenge(String p0, String p1){}
+    public String toString(){ return null; }
+    public boolean equals(Object p0){ return false; }
+    public final Challenge withCharset(Charset p0){ return null; }
+    public final Charset charset(){ return null; }
+    public final Map<String, String> authParams(){ return null; }
+    public final String realm(){ return null; }
+    public final String scheme(){ return null; }
+    public int hashCode(){ return 0; }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CipherSuite.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CipherSuite.java
index 24d10e5da04..656be7117c4 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CipherSuite.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/CipherSuite.java
@@ -4,17 +4,11 @@ package okhttp3;
 
 import java.util.Comparator;
 
-public class CipherSuite {
+public class CipherSuite
+{
     protected CipherSuite() {}
-
-    public String toString() {
-        return null;
-    }
-
-    public final String javaName() {
-        return null;
-    }
-
+    public String toString(){ return null; }
+    public final String javaName(){ return null; }
     public static CipherSuite TLS_AES_128_CCM_8_SHA256 = null;
     public static CipherSuite TLS_AES_128_CCM_SHA256 = null;
     public static CipherSuite TLS_AES_128_GCM_SHA256 = null;
@@ -134,22 +128,12 @@ public class CipherSuite {
     public static CipherSuite TLS_RSA_WITH_RC4_128_MD5 = null;
     public static CipherSuite TLS_RSA_WITH_RC4_128_SHA = null;
     public static CipherSuite TLS_RSA_WITH_SEED_CBC_SHA = null;
-
-    public static CipherSuite forJavaName(String p0) {
-        return null;
-    }
-
+    public static CipherSuite forJavaName(String p0){ return null; }
     public static CipherSuite.Companion Companion = null;
-
-    static public class Companion {
+    static public class Companion
+    {
         protected Companion() {}
-
-        public final CipherSuite forJavaName(String p0) {
-            return null;
-        }
-
-        public final Comparator<String> getORDER_BY_NAME$okhttp() {
-            return null;
-        }
+        public final CipherSuite forJavaName(String p0){ return null; }
+        public final Comparator<String> getORDER_BY_NAME$okhttp(){ return null; }
     }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/ConnectionSpec.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/ConnectionSpec.java
index 9f8d14b4714..59c04bc0910 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/ConnectionSpec.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/ConnectionSpec.java
@@ -7,52 +7,26 @@ import javax.net.ssl.SSLSocket;
 import okhttp3.CipherSuite;
 import okhttp3.TlsVersion;
 
-public class ConnectionSpec {
+public class ConnectionSpec
+{
     protected ConnectionSpec() {}
-
-    public ConnectionSpec(boolean p0, boolean p1, String[] p2, String[] p3) {}
-
-    public String toString() {
-        return null;
-    }
-
-    public boolean equals(Object p0) {
-        return false;
-    }
-
-    public final List<CipherSuite> cipherSuites() {
-        return null;
-    }
-
-    public final List<TlsVersion> tlsVersions() {
-        return null;
-    }
-
-    public final boolean isCompatible(SSLSocket p0) {
-        return false;
-    }
-
-    public final boolean isTls() {
-        return false;
-    }
-
-    public final boolean supportsTlsExtensions() {
-        return false;
-    }
-
-    public final void apply$okhttp(SSLSocket p0, boolean p1) {}
-
-    public int hashCode() {
-        return 0;
-    }
-
+    public ConnectionSpec(boolean p0, boolean p1, String[] p2, String[] p3){}
+    public String toString(){ return null; }
+    public boolean equals(Object p0){ return false; }
+    public final List<CipherSuite> cipherSuites(){ return null; }
+    public final List<TlsVersion> tlsVersions(){ return null; }
+    public final boolean isCompatible(SSLSocket p0){ return false; }
+    public final boolean isTls(){ return false; }
+    public final boolean supportsTlsExtensions(){ return false; }
+    public final void apply$okhttp(SSLSocket p0, boolean p1){}
+    public int hashCode(){ return 0; }
     public static ConnectionSpec CLEARTEXT = null;
     public static ConnectionSpec COMPATIBLE_TLS = null;
     public static ConnectionSpec MODERN_TLS = null;
     public static ConnectionSpec RESTRICTED_TLS = null;
     public static ConnectionSpec.Companion Companion = null;
-
-    static public class Companion {
+    static public class Companion
+    {
         protected Companion() {}
     }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cookie.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cookie.java
index 3ffd4a2a270..f9e8c481a77 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cookie.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Cookie.java
@@ -6,88 +6,31 @@ import java.util.List;
 import okhttp3.Headers;
 import okhttp3.HttpUrl;
 
-public class Cookie {
+public class Cookie
+{
     protected Cookie() {}
-
-    public String toString() {
-        return null;
-    }
-
-    public boolean equals(Object p0) {
-        return false;
-    }
-
-    public final String domain() {
-        return null;
-    }
-
-    public final String name() {
-        return null;
-    }
-
-    public final String path() {
-        return null;
-    }
-
-    public final String toString$okhttp(boolean p0) {
-        return null;
-    }
-
-    public final String value() {
-        return null;
-    }
-
-    public final boolean hostOnly() {
-        return false;
-    }
-
-    public final boolean httpOnly() {
-        return false;
-    }
-
-    public final boolean matches(HttpUrl p0) {
-        return false;
-    }
-
-    public final boolean persistent() {
-        return false;
-    }
-
-    public final boolean secure() {
-        return false;
-    }
-
-    public final long expiresAt() {
-        return 0;
-    }
-
-    public int hashCode() {
-        return 0;
-    }
-
-    public static Cookie parse(HttpUrl p0, String p1) {
-        return null;
-    }
-
+    public String toString(){ return null; }
+    public boolean equals(Object p0){ return false; }
+    public final String domain(){ return null; }
+    public final String name(){ return null; }
+    public final String path(){ return null; }
+    public final String toString$okhttp(boolean p0){ return null; }
+    public final String value(){ return null; }
+    public final boolean hostOnly(){ return false; }
+    public final boolean httpOnly(){ return false; }
+    public final boolean matches(HttpUrl p0){ return false; }
+    public final boolean persistent(){ return false; }
+    public final boolean secure(){ return false; }
+    public final long expiresAt(){ return 0; }
+    public int hashCode(){ return 0; }
+    public static Cookie parse(HttpUrl p0, String p1){ return null; }
     public static Cookie.Companion Companion = null;
-
-    public static List<Cookie> parseAll(HttpUrl p0, Headers p1) {
-        return null;
-    }
-
-    static public class Companion {
+    public static List<Cookie> parseAll(HttpUrl p0, Headers p1){ return null; }
+    static public class Companion
+    {
         protected Companion() {}
-
-        public final Cookie parse$okhttp(long p0, HttpUrl p1, String p2) {
-            return null;
-        }
-
-        public final Cookie parse(HttpUrl p0, String p1) {
-            return null;
-        }
-
-        public final List<Cookie> parseAll(HttpUrl p0, Headers p1) {
-            return null;
-        }
+        public final Cookie parse$okhttp(long p0, HttpUrl p1, String p2){ return null; }
+        public final Cookie parse(HttpUrl p0, String p1){ return null; }
+        public final List<Cookie> parseAll(HttpUrl p0, Headers p1){ return null; }
     }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Dispatcher.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Dispatcher.java
index ca74ca9e775..9e2acffb284 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Dispatcher.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Dispatcher.java
@@ -7,56 +7,24 @@ import java.util.concurrent.ExecutorService;
 import okhttp3.Call;
 import okhttp3.internal.connection.RealCall;
 
-public class Dispatcher {
-    public Dispatcher() {}
-
-    public Dispatcher(ExecutorService p0) {}
-
-    public final ExecutorService executorService() {
-        return null;
-    }
-
-    public final List<Call> queuedCalls() {
-        return null;
-    }
-
-    public final List<Call> runningCalls() {
-        return null;
-    }
-
-    public final Runnable getIdleCallback() {
-        return null;
-    }
-
-    public final int getMaxRequests() {
-        return 0;
-    }
-
-    public final int getMaxRequestsPerHost() {
-        return 0;
-    }
-
-    public final int queuedCallsCount() {
-        return 0;
-    }
-
-    public final int runningCallsCount() {
-        return 0;
-    }
-
-    public final void cancelAll() {}
-
-    public final void enqueue$okhttp(RealCall.AsyncCall p0) {}
-
-    public final void executed$okhttp(RealCall p0) {}
-
-    public final void finished$okhttp(RealCall p0) {}
-
-    public final void finished$okhttp(RealCall.AsyncCall p0) {}
-
-    public final void setIdleCallback(Runnable p0) {}
-
-    public final void setMaxRequests(int p0) {}
-
-    public final void setMaxRequestsPerHost(int p0) {}
+public class Dispatcher
+{
+    public Dispatcher(){}
+    public Dispatcher(ExecutorService p0){}
+    public final ExecutorService executorService(){ return null; }
+    public final List<Call> queuedCalls(){ return null; }
+    public final List<Call> runningCalls(){ return null; }
+    public final Runnable getIdleCallback(){ return null; }
+    public final int getMaxRequests(){ return 0; }
+    public final int getMaxRequestsPerHost(){ return 0; }
+    public final int queuedCallsCount(){ return 0; }
+    public final int runningCallsCount(){ return 0; }
+    public final void cancelAll(){}
+    public final void enqueue$okhttp(RealCall.AsyncCall p0){}
+    public final void executed$okhttp(RealCall p0){}
+    public final void finished$okhttp(RealCall p0){}
+    public final void finished$okhttp(RealCall.AsyncCall p0){}
+    public final void setIdleCallback(Runnable p0){}
+    public final void setMaxRequests(int p0){}
+    public final void setMaxRequestsPerHost(int p0){}
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Handshake.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Handshake.java
index 2f97dee0c4c..b0ef923700c 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Handshake.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Handshake.java
@@ -10,69 +10,26 @@ import kotlin.jvm.functions.Function0;
 import okhttp3.CipherSuite;
 import okhttp3.TlsVersion;
 
-public class Handshake {
+public class Handshake
+{
     protected Handshake() {}
-
-    public Handshake(TlsVersion p0, CipherSuite p1, List<? extends Certificate> p2,
-            Function0<? extends List<? extends Certificate>> p3) {}
-
-    public String toString() {
-        return null;
-    }
-
-    public boolean equals(Object p0) {
-        return false;
-    }
-
-    public final CipherSuite cipherSuite() {
-        return null;
-    }
-
-    public final List<Certificate> localCertificates() {
-        return null;
-    }
-
-    public final List<Certificate> peerCertificates() {
-        return null;
-    }
-
-    public final Principal localPrincipal() {
-        return null;
-    }
-
-    public final Principal peerPrincipal() {
-        return null;
-    }
-
-    public final TlsVersion tlsVersion() {
-        return null;
-    }
-
-    public int hashCode() {
-        return 0;
-    }
-
-    public static Handshake get(SSLSession p0) {
-        return null;
-    }
-
-    public static Handshake get(TlsVersion p0, CipherSuite p1, List<? extends Certificate> p2,
-            List<? extends Certificate> p3) {
-        return null;
-    }
-
+    public Handshake(TlsVersion p0, CipherSuite p1, List<? extends Certificate> p2, Function0<? extends List<? extends Certificate>> p3){}
+    public String toString(){ return null; }
+    public boolean equals(Object p0){ return false; }
+    public final CipherSuite cipherSuite(){ return null; }
+    public final List<Certificate> localCertificates(){ return null; }
+    public final List<Certificate> peerCertificates(){ return null; }
+    public final Principal localPrincipal(){ return null; }
+    public final Principal peerPrincipal(){ return null; }
+    public final TlsVersion tlsVersion(){ return null; }
+    public int hashCode(){ return 0; }
+    public static Handshake get(SSLSession p0){ return null; }
+    public static Handshake get(TlsVersion p0, CipherSuite p1, List<? extends Certificate> p2, List<? extends Certificate> p3){ return null; }
     public static Handshake.Companion Companion = null;
-
-    static public class Companion {
+    static public class Companion
+    {
         protected Companion() {}
-
-        public final Handshake get(SSLSession p0) {
-            return null;
-        }
-
-        public final Handshake get(TlsVersion p0, CipherSuite p1, List<? extends Certificate> p2,
-                List<? extends Certificate> p3) {
-            return null;
-        }
+        public final Handshake get(SSLSession p0){ return null; }
+        public final Handshake get(TlsVersion p0, CipherSuite p1, List<? extends Certificate> p2, List<? extends Certificate> p3){ return null; }
     }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/HttpUrl.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/HttpUrl.java
index 5fef4d9606d..d33e5834d4e 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/HttpUrl.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/HttpUrl.java
@@ -8,156 +8,46 @@ import java.nio.charset.Charset;
 import java.util.List;
 import java.util.Set;
 
-public class HttpUrl {
+public class HttpUrl
+{
     protected HttpUrl() {}
-
-    public HttpUrl(String p0, String p1, String p2, String p3, int p4, List<String> p5,
-            List<String> p6, String p7, String p8) {}
-
-    public String toString() {
-        return null;
-    }
-
-    public boolean equals(Object p0) {
-        return false;
-    }
-
-    public final HttpUrl resolve(String p0) {
-        return null;
-    }
-
-    public final HttpUrl.Builder newBuilder() {
-        return null;
-    }
-
-    public final HttpUrl.Builder newBuilder(String p0) {
-        return null;
-    }
-
-    public final List<String> encodedPathSegments() {
-        return null;
-    }
-
-    public final List<String> pathSegments() {
-        return null;
-    }
-
-    public final List<String> queryParameterValues(String p0) {
-        return null;
-    }
-
-    public final Set<String> queryParameterNames() {
-        return null;
-    }
-
-    public final String encodedFragment() {
-        return null;
-    }
-
-    public final String encodedPassword() {
-        return null;
-    }
-
-    public final String encodedPath() {
-        return null;
-    }
-
-    public final String encodedQuery() {
-        return null;
-    }
-
-    public final String encodedUsername() {
-        return null;
-    }
-
-    public final String fragment() {
-        return null;
-    }
-
-    public final String host() {
-        return null;
-    }
-
-    public final String password() {
-        return null;
-    }
-
-    public final String query() {
-        return null;
-    }
-
-    public final String queryParameter(String p0) {
-        return null;
-    }
-
-    public final String queryParameterName(int p0) {
-        return null;
-    }
-
-    public final String queryParameterValue(int p0) {
-        return null;
-    }
-
-    public final String redact() {
-        return null;
-    }
-
-    public final String scheme() {
-        return null;
-    }
-
-    public final String topPrivateDomain() {
-        return null;
-    }
-
-    public final String username() {
-        return null;
-    }
-
-    public final URI uri() {
-        return null;
-    }
-
-    public final URL url() {
-        return null;
-    }
-
-    public final boolean isHttps() {
-        return false;
-    }
-
-    public final int pathSize() {
-        return 0;
-    }
-
-    public final int port() {
-        return 0;
-    }
-
-    public final int querySize() {
-        return 0;
-    }
-
-    public int hashCode() {
-        return 0;
-    }
-
-    public static HttpUrl get(String p0) {
-        return null;
-    }
-
-    public static HttpUrl get(URI p0) {
-        return null;
-    }
-
-    public static HttpUrl get(URL p0) {
-        return null;
-    }
-
-    public static HttpUrl parse(String p0) {
-        return null;
-    }
-
+    public HttpUrl(String p0, String p1, String p2, String p3, int p4, List<String> p5, List<String> p6, String p7, String p8){}
+    public String toString(){ return null; }
+    public boolean equals(Object p0){ return false; }
+    public final HttpUrl resolve(String p0){ return null; }
+    public final HttpUrl.Builder newBuilder(){ return null; }
+    public final HttpUrl.Builder newBuilder(String p0){ return null; }
+    public final List<String> encodedPathSegments(){ return null; }
+    public final List<String> pathSegments(){ return null; }
+    public final List<String> queryParameterValues(String p0){ return null; }
+    public final Set<String> queryParameterNames(){ return null; }
+    public final String encodedFragment(){ return null; }
+    public final String encodedPassword(){ return null; }
+    public final String encodedPath(){ return null; }
+    public final String encodedQuery(){ return null; }
+    public final String encodedUsername(){ return null; }
+    public final String fragment(){ return null; }
+    public final String host(){ return null; }
+    public final String password(){ return null; }
+    public final String query(){ return null; }
+    public final String queryParameter(String p0){ return null; }
+    public final String queryParameterName(int p0){ return null; }
+    public final String queryParameterValue(int p0){ return null; }
+    public final String redact(){ return null; }
+    public final String scheme(){ return null; }
+    public final String topPrivateDomain(){ return null; }
+    public final String username(){ return null; }
+    public final URI uri(){ return null; }
+    public final URL url(){ return null; }
+    public final boolean isHttps(){ return false; }
+    public final int pathSize(){ return 0; }
+    public final int port(){ return 0; }
+    public final int querySize(){ return 0; }
+    public int hashCode(){ return 0; }
+    public static HttpUrl get(String p0){ return null; }
+    public static HttpUrl get(URI p0){ return null; }
+    public static HttpUrl get(URL p0){ return null; }
+    public static HttpUrl parse(String p0){ return null; }
     public static HttpUrl.Companion Companion = null;
     public static String FORM_ENCODE_SET = null;
     public static String FRAGMENT_ENCODE_SET = null;
@@ -170,221 +60,73 @@ public class HttpUrl {
     public static String QUERY_COMPONENT_REENCODE_SET = null;
     public static String QUERY_ENCODE_SET = null;
     public static String USERNAME_ENCODE_SET = null;
-
-    public static int defaultPort(String p0) {
-        return 0;
-    }
-
-    static public class Builder {
-        public Builder() {}
-
-        public String toString() {
-            return null;
-        }
-
-        public final HttpUrl build() {
-            return null;
-        }
-
-        public final HttpUrl.Builder addEncodedPathSegment(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder addEncodedPathSegments(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder addEncodedQueryParameter(String p0, String p1) {
-            return null;
-        }
-
-        public final HttpUrl.Builder addPathSegment(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder addPathSegments(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder addQueryParameter(String p0, String p1) {
-            return null;
-        }
-
-        public final HttpUrl.Builder encodedFragment(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder encodedPassword(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder encodedPath(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder encodedQuery(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder encodedUsername(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder fragment(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder host(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder parse$okhttp(HttpUrl p0, String p1) {
-            return null;
-        }
-
-        public final HttpUrl.Builder password(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder port(int p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder query(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder reencodeForUri$okhttp() {
-            return null;
-        }
-
-        public final HttpUrl.Builder removeAllEncodedQueryParameters(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder removeAllQueryParameters(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder removePathSegment(int p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder scheme(String p0) {
-            return null;
-        }
-
-        public final HttpUrl.Builder setEncodedPathSegment(int p0, String p1) {
-            return null;
-        }
-
-        public final HttpUrl.Builder setEncodedQueryParameter(String p0, String p1) {
-            return null;
-        }
-
-        public final HttpUrl.Builder setPathSegment(int p0, String p1) {
-            return null;
-        }
-
-        public final HttpUrl.Builder setQueryParameter(String p0, String p1) {
-            return null;
-        }
-
-        public final HttpUrl.Builder username(String p0) {
-            return null;
-        }
-
-        public final List<String> getEncodedPathSegments$okhttp() {
-            return null;
-        }
-
-        public final List<String> getEncodedQueryNamesAndValues$okhttp() {
-            return null;
-        }
-
-        public final String getEncodedFragment$okhttp() {
-            return null;
-        }
-
-        public final String getEncodedPassword$okhttp() {
-            return null;
-        }
-
-        public final String getEncodedUsername$okhttp() {
-            return null;
-        }
-
-        public final String getHost$okhttp() {
-            return null;
-        }
-
-        public final String getScheme$okhttp() {
-            return null;
-        }
-
-        public final int getPort$okhttp() {
-            return 0;
-        }
-
-        public final void setEncodedFragment$okhttp(String p0) {}
-
-        public final void setEncodedPassword$okhttp(String p0) {}
-
-        public final void setEncodedQueryNamesAndValues$okhttp(List<String> p0) {}
-
-        public final void setEncodedUsername$okhttp(String p0) {}
-
-        public final void setHost$okhttp(String p0) {}
-
-        public final void setPort$okhttp(int p0) {}
-
-        public final void setScheme$okhttp(String p0) {}
-
+    public static int defaultPort(String p0){ return 0; }
+    static public class Builder
+    {
+        public Builder(){}
+        public String toString(){ return null; }
+        public final HttpUrl build(){ return null; }
+        public final HttpUrl.Builder addEncodedPathSegment(String p0){ return null; }
+        public final HttpUrl.Builder addEncodedPathSegments(String p0){ return null; }
+        public final HttpUrl.Builder addEncodedQueryParameter(String p0, String p1){ return null; }
+        public final HttpUrl.Builder addPathSegment(String p0){ return null; }
+        public final HttpUrl.Builder addPathSegments(String p0){ return null; }
+        public final HttpUrl.Builder addQueryParameter(String p0, String p1){ return null; }
+        public final HttpUrl.Builder encodedFragment(String p0){ return null; }
+        public final HttpUrl.Builder encodedPassword(String p0){ return null; }
+        public final HttpUrl.Builder encodedPath(String p0){ return null; }
+        public final HttpUrl.Builder encodedQuery(String p0){ return null; }
+        public final HttpUrl.Builder encodedUsername(String p0){ return null; }
+        public final HttpUrl.Builder fragment(String p0){ return null; }
+        public final HttpUrl.Builder host(String p0){ return null; }
+        public final HttpUrl.Builder parse$okhttp(HttpUrl p0, String p1){ return null; }
+        public final HttpUrl.Builder password(String p0){ return null; }
+        public final HttpUrl.Builder port(int p0){ return null; }
+        public final HttpUrl.Builder query(String p0){ return null; }
+        public final HttpUrl.Builder reencodeForUri$okhttp(){ return null; }
+        public final HttpUrl.Builder removeAllEncodedQueryParameters(String p0){ return null; }
+        public final HttpUrl.Builder removeAllQueryParameters(String p0){ return null; }
+        public final HttpUrl.Builder removePathSegment(int p0){ return null; }
+        public final HttpUrl.Builder scheme(String p0){ return null; }
+        public final HttpUrl.Builder setEncodedPathSegment(int p0, String p1){ return null; }
+        public final HttpUrl.Builder setEncodedQueryParameter(String p0, String p1){ return null; }
+        public final HttpUrl.Builder setPathSegment(int p0, String p1){ return null; }
+        public final HttpUrl.Builder setQueryParameter(String p0, String p1){ return null; }
+        public final HttpUrl.Builder username(String p0){ return null; }
+        public final List<String> getEncodedPathSegments$okhttp(){ return null; }
+        public final List<String> getEncodedQueryNamesAndValues$okhttp(){ return null; }
+        public final String getEncodedFragment$okhttp(){ return null; }
+        public final String getEncodedPassword$okhttp(){ return null; }
+        public final String getEncodedUsername$okhttp(){ return null; }
+        public final String getHost$okhttp(){ return null; }
+        public final String getScheme$okhttp(){ return null; }
+        public final int getPort$okhttp(){ return 0; }
+        public final void setEncodedFragment$okhttp(String p0){}
+        public final void setEncodedPassword$okhttp(String p0){}
+        public final void setEncodedQueryNamesAndValues$okhttp(List<String> p0){}
+        public final void setEncodedUsername$okhttp(String p0){}
+        public final void setHost$okhttp(String p0){}
+        public final void setPort$okhttp(int p0){}
+        public final void setScheme$okhttp(String p0){}
         public static HttpUrl.Builder.Companion Companion = null;
         public static String INVALID_HOST = null;
-
-        static public class Companion {
+        static public class Companion
+        {
             protected Companion() {}
         }
     }
-    static public class Companion {
+    static public class Companion
+    {
         protected Companion() {}
-
-        public final HttpUrl get(String p0) {
-            return null;
-        }
-
-        public final HttpUrl get(URI p0) {
-            return null;
-        }
-
-        public final HttpUrl get(URL p0) {
-            return null;
-        }
-
-        public final HttpUrl parse(String p0) {
-            return null;
-        }
-
-        public final List<String> toQueryNamesAndValues$okhttp(String p0) {
-            return null;
-        }
-
-        public final String canonicalize$okhttp(String p0, int p1, int p2, String p3, boolean p4,
-                boolean p5, boolean p6, boolean p7, Charset p8) {
-            return null;
-        }
-
-        public final String percentDecode$okhttp(String p0, int p1, int p2, boolean p3) {
-            return null;
-        }
-
-        public final int defaultPort(String p0) {
-            return 0;
-        }
-
-        public final void toPathString$okhttp(List<String> p0, StringBuilder p1) {}
-
-        public final void toQueryString$okhttp(List<String> p0, StringBuilder p1) {}
+        public final HttpUrl get(String p0){ return null; }
+        public final HttpUrl get(URI p0){ return null; }
+        public final HttpUrl get(URL p0){ return null; }
+        public final HttpUrl parse(String p0){ return null; }
+        public final List<String> toQueryNamesAndValues$okhttp(String p0){ return null; }
+        public final String canonicalize$okhttp(String p0, int p1, int p2, String p3, boolean p4, boolean p5, boolean p6, boolean p7, Charset p8){ return null; }
+        public final String percentDecode$okhttp(String p0, int p1, int p2, boolean p3){ return null; }
+        public final int defaultPort(String p0){ return 0; }
+        public final void toPathString$okhttp(List<String> p0, StringBuilder p1){}
+        public final void toQueryString$okhttp(List<String> p0, StringBuilder p1){}
     }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/MediaType.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/MediaType.java
index 2b3a2f0117a..e16108d4253 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/MediaType.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/MediaType.java
@@ -4,60 +4,24 @@ package okhttp3;
 
 import java.nio.charset.Charset;
 
-public class MediaType {
+public class MediaType
+{
     protected MediaType() {}
-
-    public String toString() {
-        return null;
-    }
-
-    public boolean equals(Object p0) {
-        return false;
-    }
-
-    public final Charset charset() {
-        return null;
-    }
-
-    public final Charset charset(Charset p0) {
-        return null;
-    }
-
-    public final String parameter(String p0) {
-        return null;
-    }
-
-    public final String subtype() {
-        return null;
-    }
-
-    public final String type() {
-        return null;
-    }
-
-    public int hashCode() {
-        return 0;
-    }
-
-    public static MediaType get(String p0) {
-        return null;
-    }
-
-    public static MediaType parse(String p0) {
-        return null;
-    }
-
+    public String toString(){ return null; }
+    public boolean equals(Object p0){ return false; }
+    public final Charset charset(){ return null; }
+    public final Charset charset(Charset p0){ return null; }
+    public final String parameter(String p0){ return null; }
+    public final String subtype(){ return null; }
+    public final String type(){ return null; }
+    public int hashCode(){ return 0; }
+    public static MediaType get(String p0){ return null; }
+    public static MediaType parse(String p0){ return null; }
     public static MediaType.Companion Companion = null;
-
-    static public class Companion {
+    static public class Companion
+    {
         protected Companion() {}
-
-        public final MediaType get(String p0) {
-            return null;
-        }
-
-        public final MediaType parse(String p0) {
-            return null;
-        }
+        public final MediaType get(String p0){ return null; }
+        public final MediaType parse(String p0){ return null; }
     }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/OkHttpClient.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/OkHttpClient.java
index 2af0180eb36..35626e283e0 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/OkHttpClient.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/OkHttpClient.java
@@ -11,7 +11,6 @@ import javax.net.SocketFactory;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.X509TrustManager;
-import kotlin.jvm.functions.Function1;
 import okhttp3.Authenticator;
 import okhttp3.Cache;
 import okhttp3.Call;
@@ -25,504 +24,154 @@ import okhttp3.EventListener;
 import okhttp3.Interceptor;
 import okhttp3.Protocol;
 import okhttp3.Request;
-import okhttp3.Response;
 import okhttp3.WebSocket;
 import okhttp3.WebSocketListener;
 import okhttp3.internal.connection.RouteDatabase;
 import okhttp3.internal.tls.CertificateChainCleaner;
 
-public class OkHttpClient implements Call.Factory, Cloneable, WebSocket.Factory {
-    public Call newCall(Request p0) {
-        return null;
-    }
-
-    public Object clone() {
-        return null;
-    }
-
-    public OkHttpClient() {}
-
-    public OkHttpClient(OkHttpClient.Builder p0) {}
-
-    public OkHttpClient.Builder newBuilder() {
-        return null;
-    }
-
-    public WebSocket newWebSocket(Request p0, WebSocketListener p1) {
-        return null;
-    }
-
-    public final Authenticator authenticator() {
-        return null;
-    }
-
-    public final Authenticator proxyAuthenticator() {
-        return null;
-    }
-
-    public final Cache cache() {
-        return null;
-    }
-
-    public final CertificateChainCleaner certificateChainCleaner() {
-        return null;
-    }
-
-    public final CertificatePinner certificatePinner() {
-        return null;
-    }
-
-    public final ConnectionPool connectionPool() {
-        return null;
-    }
-
-    public final CookieJar cookieJar() {
-        return null;
-    }
-
-    public final Dispatcher dispatcher() {
-        return null;
-    }
-
-    public final Dns dns() {
-        return null;
-    }
-
-    public final EventListener.Factory eventListenerFactory() {
-        return null;
-    }
-
-    public final HostnameVerifier hostnameVerifier() {
-        return null;
-    }
-
-    public final List<ConnectionSpec> connectionSpecs() {
-        return null;
-    }
-
-    public final List<Interceptor> interceptors() {
-        return null;
-    }
-
-    public final List<Interceptor> networkInterceptors() {
-        return null;
-    }
-
-    public final List<Protocol> protocols() {
-        return null;
-    }
-
-    public final Proxy proxy() {
-        return null;
-    }
-
-    public final ProxySelector proxySelector() {
-        return null;
-    }
-
-    public final RouteDatabase getRouteDatabase() {
-        return null;
-    }
-
-    public final SSLSocketFactory sslSocketFactory() {
-        return null;
-    }
-
-    public final SocketFactory socketFactory() {
-        return null;
-    }
-
-    public final X509TrustManager x509TrustManager() {
-        return null;
-    }
-
-    public final boolean followRedirects() {
-        return false;
-    }
-
-    public final boolean followSslRedirects() {
-        return false;
-    }
-
-    public final boolean retryOnConnectionFailure() {
-        return false;
-    }
-
-    public final int callTimeoutMillis() {
-        return 0;
-    }
-
-    public final int connectTimeoutMillis() {
-        return 0;
-    }
-
-    public final int pingIntervalMillis() {
-        return 0;
-    }
-
-    public final int readTimeoutMillis() {
-        return 0;
-    }
-
-    public final int writeTimeoutMillis() {
-        return 0;
-    }
-
-    public final long minWebSocketMessageToCompress() {
-        return 0;
-    }
-
+public class OkHttpClient implements Call.Factory, Cloneable, WebSocket.Factory
+{
+    public Call newCall(Request p0){ return null; }
+    public Object clone(){ return null; }
+    public OkHttpClient(){}
+    public OkHttpClient(OkHttpClient.Builder p0){}
+    public OkHttpClient.Builder newBuilder(){ return null; }
+    public WebSocket newWebSocket(Request p0, WebSocketListener p1){ return null; }
+    public final Authenticator authenticator(){ return null; }
+    public final Authenticator proxyAuthenticator(){ return null; }
+    public final Cache cache(){ return null; }
+    public final CertificateChainCleaner certificateChainCleaner(){ return null; }
+    public final CertificatePinner certificatePinner(){ return null; }
+    public final ConnectionPool connectionPool(){ return null; }
+    public final CookieJar cookieJar(){ return null; }
+    public final Dispatcher dispatcher(){ return null; }
+    public final Dns dns(){ return null; }
+    public final EventListener.Factory eventListenerFactory(){ return null; }
+    public final HostnameVerifier hostnameVerifier(){ return null; }
+    public final List<ConnectionSpec> connectionSpecs(){ return null; }
+    public final List<Interceptor> interceptors(){ return null; }
+    public final List<Interceptor> networkInterceptors(){ return null; }
+    public final List<Protocol> protocols(){ return null; }
+    public final Proxy proxy(){ return null; }
+    public final ProxySelector proxySelector(){ return null; }
+    public final RouteDatabase getRouteDatabase(){ return null; }
+    public final SSLSocketFactory sslSocketFactory(){ return null; }
+    public final SocketFactory socketFactory(){ return null; }
+    public final X509TrustManager x509TrustManager(){ return null; }
+    public final boolean followRedirects(){ return false; }
+    public final boolean followSslRedirects(){ return false; }
+    public final boolean retryOnConnectionFailure(){ return false; }
+    public final int callTimeoutMillis(){ return 0; }
+    public final int connectTimeoutMillis(){ return 0; }
+    public final int pingIntervalMillis(){ return 0; }
+    public final int readTimeoutMillis(){ return 0; }
+    public final int writeTimeoutMillis(){ return 0; }
+    public final long minWebSocketMessageToCompress(){ return 0; }
     public static OkHttpClient.Companion Companion = null;
-
-    static public class Builder {
-        public Builder() {}
-
-        public Builder(OkHttpClient p0) {}
-
-        public final Authenticator getAuthenticator$okhttp() {
-            return null;
-        }
-
-        public final Authenticator getProxyAuthenticator$okhttp() {
-            return null;
-        }
-
-        public final Cache getCache$okhttp() {
-            return null;
-        }
-
-        public final CertificateChainCleaner getCertificateChainCleaner$okhttp() {
-            return null;
-        }
-
-        public final CertificatePinner getCertificatePinner$okhttp() {
-            return null;
-        }
-
-        public final ConnectionPool getConnectionPool$okhttp() {
-            return null;
-        }
-
-        public final CookieJar getCookieJar$okhttp() {
-            return null;
-        }
-
-        public final Dispatcher getDispatcher$okhttp() {
-            return null;
-        }
-
-        public final Dns getDns$okhttp() {
-            return null;
-        }
-
-        public final EventListener.Factory getEventListenerFactory$okhttp() {
-            return null;
-        }
-
-        public final HostnameVerifier getHostnameVerifier$okhttp() {
-            return null;
-        }
-
-        public final List<ConnectionSpec> getConnectionSpecs$okhttp() {
-            return null;
-        }
-
-        public final List<Interceptor> getInterceptors$okhttp() {
-            return null;
-        }
-
-        public final List<Interceptor> getNetworkInterceptors$okhttp() {
-            return null;
-        }
-
-        public final List<Interceptor> interceptors() {
-            return null;
-        }
-
-        public final List<Interceptor> networkInterceptors() {
-            return null;
-        }
-
-        public final List<Protocol> getProtocols$okhttp() {
-            return null;
-        }
-
-        public final OkHttpClient build() {
-            return null;
-        }
-
-        public final OkHttpClient.Builder addInterceptor(
-                Function1<? super Interceptor.Chain, Response> p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder addNetworkInterceptor(
-                Function1<? super Interceptor.Chain, Response> p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder addInterceptor(Interceptor p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder addNetworkInterceptor(Interceptor p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder authenticator(Authenticator p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder cache(Cache p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder callTimeout(Duration p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder callTimeout(long p0, TimeUnit p1) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder certificatePinner(CertificatePinner p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder connectTimeout(Duration p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder connectTimeout(long p0, TimeUnit p1) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder connectionPool(ConnectionPool p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder connectionSpecs(List<ConnectionSpec> p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder cookieJar(CookieJar p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder dispatcher(Dispatcher p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder dns(Dns p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder eventListener(EventListener p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder eventListenerFactory(EventListener.Factory p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder followRedirects(boolean p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder followSslRedirects(boolean p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder hostnameVerifier(HostnameVerifier p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder minWebSocketMessageToCompress(long p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder pingInterval(Duration p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder pingInterval(long p0, TimeUnit p1) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder protocols(List<? extends Protocol> p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder proxy(Proxy p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder proxyAuthenticator(Authenticator p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder proxySelector(ProxySelector p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder readTimeout(Duration p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder readTimeout(long p0, TimeUnit p1) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder retryOnConnectionFailure(boolean p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder socketFactory(SocketFactory p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder sslSocketFactory(SSLSocketFactory p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder sslSocketFactory(SSLSocketFactory p0,
-                X509TrustManager p1) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder writeTimeout(Duration p0) {
-            return null;
-        }
-
-        public final OkHttpClient.Builder writeTimeout(long p0, TimeUnit p1) {
-            return null;
-        }
-
-        public final Proxy getProxy$okhttp() {
-            return null;
-        }
-
-        public final ProxySelector getProxySelector$okhttp() {
-            return null;
-        }
-
-        public final RouteDatabase getRouteDatabase$okhttp() {
-            return null;
-        }
-
-        public final SSLSocketFactory getSslSocketFactoryOrNull$okhttp() {
-            return null;
-        }
-
-        public final SocketFactory getSocketFactory$okhttp() {
-            return null;
-        }
-
-        public final X509TrustManager getX509TrustManagerOrNull$okhttp() {
-            return null;
-        }
-
-        public final boolean getFollowRedirects$okhttp() {
-            return false;
-        }
-
-        public final boolean getFollowSslRedirects$okhttp() {
-            return false;
-        }
-
-        public final boolean getRetryOnConnectionFailure$okhttp() {
-            return false;
-        }
-
-        public final int getCallTimeout$okhttp() {
-            return 0;
-        }
-
-        public final int getConnectTimeout$okhttp() {
-            return 0;
-        }
-
-        public final int getPingInterval$okhttp() {
-            return 0;
-        }
-
-        public final int getReadTimeout$okhttp() {
-            return 0;
-        }
-
-        public final int getWriteTimeout$okhttp() {
-            return 0;
-        }
-
-        public final long getMinWebSocketMessageToCompress$okhttp() {
-            return 0;
-        }
-
-        public final void setAuthenticator$okhttp(Authenticator p0) {}
-
-        public final void setCache$okhttp(Cache p0) {}
-
-        public final void setCallTimeout$okhttp(int p0) {}
-
-        public final void setCertificateChainCleaner$okhttp(CertificateChainCleaner p0) {}
-
-        public final void setCertificatePinner$okhttp(CertificatePinner p0) {}
-
-        public final void setConnectTimeout$okhttp(int p0) {}
-
-        public final void setConnectionPool$okhttp(ConnectionPool p0) {}
-
-        public final void setConnectionSpecs$okhttp(List<ConnectionSpec> p0) {}
-
-        public final void setCookieJar$okhttp(CookieJar p0) {}
-
-        public final void setDispatcher$okhttp(Dispatcher p0) {}
-
-        public final void setDns$okhttp(Dns p0) {}
-
-        public final void setEventListenerFactory$okhttp(EventListener.Factory p0) {}
-
-        public final void setFollowRedirects$okhttp(boolean p0) {}
-
-        public final void setFollowSslRedirects$okhttp(boolean p0) {}
-
-        public final void setHostnameVerifier$okhttp(HostnameVerifier p0) {}
-
-        public final void setMinWebSocketMessageToCompress$okhttp(long p0) {}
-
-        public final void setPingInterval$okhttp(int p0) {}
-
-        public final void setProtocols$okhttp(List<? extends Protocol> p0) {}
-
-        public final void setProxy$okhttp(Proxy p0) {}
-
-        public final void setProxyAuthenticator$okhttp(Authenticator p0) {}
-
-        public final void setProxySelector$okhttp(ProxySelector p0) {}
-
-        public final void setReadTimeout$okhttp(int p0) {}
-
-        public final void setRetryOnConnectionFailure$okhttp(boolean p0) {}
-
-        public final void setRouteDatabase$okhttp(RouteDatabase p0) {}
-
-        public final void setSocketFactory$okhttp(SocketFactory p0) {}
-
-        public final void setSslSocketFactoryOrNull$okhttp(SSLSocketFactory p0) {}
-
-        public final void setWriteTimeout$okhttp(int p0) {}
-
-        public final void setX509TrustManagerOrNull$okhttp(X509TrustManager p0) {}
+    static public class Builder
+    {
+        public Builder(){}
+        public Builder(OkHttpClient p0){}
+        public final Authenticator getAuthenticator$okhttp(){ return null; }
+        public final Authenticator getProxyAuthenticator$okhttp(){ return null; }
+        public final Cache getCache$okhttp(){ return null; }
+        public final CertificateChainCleaner getCertificateChainCleaner$okhttp(){ return null; }
+        public final CertificatePinner getCertificatePinner$okhttp(){ return null; }
+        public final ConnectionPool getConnectionPool$okhttp(){ return null; }
+        public final CookieJar getCookieJar$okhttp(){ return null; }
+        public final Dispatcher getDispatcher$okhttp(){ return null; }
+        public final Dns getDns$okhttp(){ return null; }
+        public final EventListener.Factory getEventListenerFactory$okhttp(){ return null; }
+        public final HostnameVerifier getHostnameVerifier$okhttp(){ return null; }
+        public final List<ConnectionSpec> getConnectionSpecs$okhttp(){ return null; }
+        public final List<Interceptor> getInterceptors$okhttp(){ return null; }
+        public final List<Interceptor> getNetworkInterceptors$okhttp(){ return null; }
+        public final List<Interceptor> interceptors(){ return null; }
+        public final List<Interceptor> networkInterceptors(){ return null; }
+        public final List<Protocol> getProtocols$okhttp(){ return null; }
+        public final OkHttpClient build(){ return null; }
+        public final OkHttpClient.Builder addInterceptor(Interceptor p0){ return null; }
+        public final OkHttpClient.Builder addNetworkInterceptor(Interceptor p0){ return null; }
+        public final OkHttpClient.Builder authenticator(Authenticator p0){ return null; }
+        public final OkHttpClient.Builder cache(Cache p0){ return null; }
+        public final OkHttpClient.Builder callTimeout(Duration p0){ return null; }
+        public final OkHttpClient.Builder callTimeout(long p0, TimeUnit p1){ return null; }
+        public final OkHttpClient.Builder certificatePinner(CertificatePinner p0){ return null; }
+        public final OkHttpClient.Builder connectTimeout(Duration p0){ return null; }
+        public final OkHttpClient.Builder connectTimeout(long p0, TimeUnit p1){ return null; }
+        public final OkHttpClient.Builder connectionPool(ConnectionPool p0){ return null; }
+        public final OkHttpClient.Builder connectionSpecs(List<ConnectionSpec> p0){ return null; }
+        public final OkHttpClient.Builder cookieJar(CookieJar p0){ return null; }
+        public final OkHttpClient.Builder dispatcher(Dispatcher p0){ return null; }
+        public final OkHttpClient.Builder dns(Dns p0){ return null; }
+        public final OkHttpClient.Builder eventListener(EventListener p0){ return null; }
+        public final OkHttpClient.Builder eventListenerFactory(EventListener.Factory p0){ return null; }
+        public final OkHttpClient.Builder followRedirects(boolean p0){ return null; }
+        public final OkHttpClient.Builder followSslRedirects(boolean p0){ return null; }
+        public final OkHttpClient.Builder hostnameVerifier(HostnameVerifier p0){ return null; }
+        public final OkHttpClient.Builder minWebSocketMessageToCompress(long p0){ return null; }
+        public final OkHttpClient.Builder pingInterval(Duration p0){ return null; }
+        public final OkHttpClient.Builder pingInterval(long p0, TimeUnit p1){ return null; }
+        public final OkHttpClient.Builder protocols(List<? extends Protocol> p0){ return null; }
+        public final OkHttpClient.Builder proxy(Proxy p0){ return null; }
+        public final OkHttpClient.Builder proxyAuthenticator(Authenticator p0){ return null; }
+        public final OkHttpClient.Builder proxySelector(ProxySelector p0){ return null; }
+        public final OkHttpClient.Builder readTimeout(Duration p0){ return null; }
+        public final OkHttpClient.Builder readTimeout(long p0, TimeUnit p1){ return null; }
+        public final OkHttpClient.Builder retryOnConnectionFailure(boolean p0){ return null; }
+        public final OkHttpClient.Builder socketFactory(SocketFactory p0){ return null; }
+        public final OkHttpClient.Builder sslSocketFactory(SSLSocketFactory p0){ return null; }
+        public final OkHttpClient.Builder sslSocketFactory(SSLSocketFactory p0, X509TrustManager p1){ return null; }
+        public final OkHttpClient.Builder writeTimeout(Duration p0){ return null; }
+        public final OkHttpClient.Builder writeTimeout(long p0, TimeUnit p1){ return null; }
+        public final Proxy getProxy$okhttp(){ return null; }
+        public final ProxySelector getProxySelector$okhttp(){ return null; }
+        public final RouteDatabase getRouteDatabase$okhttp(){ return null; }
+        public final SSLSocketFactory getSslSocketFactoryOrNull$okhttp(){ return null; }
+        public final SocketFactory getSocketFactory$okhttp(){ return null; }
+        public final X509TrustManager getX509TrustManagerOrNull$okhttp(){ return null; }
+        public final boolean getFollowRedirects$okhttp(){ return false; }
+        public final boolean getFollowSslRedirects$okhttp(){ return false; }
+        public final boolean getRetryOnConnectionFailure$okhttp(){ return false; }
+        public final int getCallTimeout$okhttp(){ return 0; }
+        public final int getConnectTimeout$okhttp(){ return 0; }
+        public final int getPingInterval$okhttp(){ return 0; }
+        public final int getReadTimeout$okhttp(){ return 0; }
+        public final int getWriteTimeout$okhttp(){ return 0; }
+        public final long getMinWebSocketMessageToCompress$okhttp(){ return 0; }
+        public final void setAuthenticator$okhttp(Authenticator p0){}
+        public final void setCache$okhttp(Cache p0){}
+        public final void setCallTimeout$okhttp(int p0){}
+        public final void setCertificateChainCleaner$okhttp(CertificateChainCleaner p0){}
+        public final void setCertificatePinner$okhttp(CertificatePinner p0){}
+        public final void setConnectTimeout$okhttp(int p0){}
+        public final void setConnectionPool$okhttp(ConnectionPool p0){}
+        public final void setConnectionSpecs$okhttp(List<ConnectionSpec> p0){}
+        public final void setCookieJar$okhttp(CookieJar p0){}
+        public final void setDispatcher$okhttp(Dispatcher p0){}
+        public final void setDns$okhttp(Dns p0){}
+        public final void setEventListenerFactory$okhttp(EventListener.Factory p0){}
+        public final void setFollowRedirects$okhttp(boolean p0){}
+        public final void setFollowSslRedirects$okhttp(boolean p0){}
+        public final void setHostnameVerifier$okhttp(HostnameVerifier p0){}
+        public final void setMinWebSocketMessageToCompress$okhttp(long p0){}
+        public final void setPingInterval$okhttp(int p0){}
+        public final void setProtocols$okhttp(List<? extends Protocol> p0){}
+        public final void setProxy$okhttp(Proxy p0){}
+        public final void setProxyAuthenticator$okhttp(Authenticator p0){}
+        public final void setProxySelector$okhttp(ProxySelector p0){}
+        public final void setReadTimeout$okhttp(int p0){}
+        public final void setRetryOnConnectionFailure$okhttp(boolean p0){}
+        public final void setRouteDatabase$okhttp(RouteDatabase p0){}
+        public final void setSocketFactory$okhttp(SocketFactory p0){}
+        public final void setSslSocketFactoryOrNull$okhttp(SSLSocketFactory p0){}
+        public final void setWriteTimeout$okhttp(int p0){}
+        public final void setX509TrustManagerOrNull$okhttp(X509TrustManager p0){}
     }
-    static public class Companion {
+    static public class Companion
+    {
         protected Companion() {}
-
-        public final List<ConnectionSpec> getDEFAULT_CONNECTION_SPECS$okhttp() {
-            return null;
-        }
-
-        public final List<Protocol> getDEFAULT_PROTOCOLS$okhttp() {
-            return null;
-        }
+        public final List<ConnectionSpec> getDEFAULT_CONNECTION_SPECS$okhttp(){ return null; }
+        public final List<Protocol> getDEFAULT_PROTOCOLS$okhttp(){ return null; }
     }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Request.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Request.java
index f00e4c89c40..a43a1d4e852 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Request.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Request.java
@@ -10,173 +10,55 @@ import okhttp3.Headers;
 import okhttp3.HttpUrl;
 import okhttp3.RequestBody;
 
-public class Request {
+public class Request
+{
     protected Request() {}
-
-    public Request(HttpUrl p0, String p1, Headers p2, RequestBody p3,
-            Map<Class<? extends Object>, ? extends Object> p4) {}
-
-    public String toString() {
-        return null;
-    }
-
-    public final <T> T tag(Class<? extends T> p0) {
-        return null;
-    }
-
-    public final CacheControl cacheControl() {
-        return null;
-    }
-
-    public final Headers headers() {
-        return null;
-    }
-
-    public final HttpUrl url() {
-        return null;
-    }
-
-    public final List<String> headers(String p0) {
-        return null;
-    }
-
-    public final Map<Class<? extends Object>, Object> getTags$okhttp() {
-        return null;
-    }
-
-    public final Object tag() {
-        return null;
-    }
-
-    public final Request.Builder newBuilder() {
-        return null;
-    }
-
-    public final RequestBody body() {
-        return null;
-    }
-
-    public final String header(String p0) {
-        return null;
-    }
-
-    public final String method() {
-        return null;
-    }
-
-    public final boolean isHttps() {
-        return false;
-    }
-
-    static public class Builder {
-        public <T> Request.Builder tag(Class<? super T> p0, T p1) {
-            return null;
-        }
-
-        public Builder() {}
-
-        public Builder(Request p0) {}
-
-        public Request build() {
-            return null;
-        }
-
-        public Request.Builder addHeader(String p0, String p1) {
-            return null;
-        }
-
-        public Request.Builder cacheControl(CacheControl p0) {
-            return null;
-        }
-
-        public Request.Builder delete(RequestBody p0) {
-            return null;
-        }
-
-        public Request.Builder get() {
-            return null;
-        }
-
-        public Request.Builder head() {
-            return null;
-        }
-
-        public Request.Builder header(String p0, String p1) {
-            return null;
-        }
-
-        public Request.Builder headers(Headers p0) {
-            return null;
-        }
-
-        public Request.Builder method(String p0, RequestBody p1) {
-            return null;
-        }
-
-        public Request.Builder patch(RequestBody p0) {
-            return null;
-        }
-
-        public Request.Builder post(RequestBody p0) {
-            return null;
-        }
-
-        public Request.Builder put(RequestBody p0) {
-            return null;
-        }
-
-        public Request.Builder removeHeader(String p0) {
-            return null;
-        }
-
-        public Request.Builder tag(Object p0) {
-            return null;
-        }
-
-        public Request.Builder url(HttpUrl p0) {
-            return null;
-        }
-
-        public Request.Builder url(String p0) {
-            return null;
-        }
-
-        public Request.Builder url(URL p0) {
-            return null;
-        }
-
-        public final Headers.Builder getHeaders$okhttp() {
-            return null;
-        }
-
-        public final HttpUrl getUrl$okhttp() {
-            return null;
-        }
-
-        public final Map<Class<? extends Object>, Object> getTags$okhttp() {
-            return null;
-        }
-
-        public final Request.Builder delete() {
-            return null;
-        }
-
-        public final RequestBody getBody$okhttp() {
-            return null;
-        }
-
-        public final String getMethod$okhttp() {
-            return null;
-        }
-
-        public final void setBody$okhttp(RequestBody p0) {}
-
-        public final void setHeaders$okhttp(Headers.Builder p0) {}
-
-        public final void setMethod$okhttp(String p0) {}
-
-        public final void setTags$okhttp(Map<Class<? extends Object>, Object> p0) {}
-
-        public final void setUrl$okhttp(HttpUrl p0) {}
+    public Request(HttpUrl p0, String p1, Headers p2, RequestBody p3, Map<Class<? extends Object>, ? extends Object> p4){}
+    public String toString(){ return null; }
+    public final <T> T tag(Class<? extends T> p0){ return null; }
+    public final CacheControl cacheControl(){ return null; }
+    public final Headers headers(){ return null; }
+    public final HttpUrl url(){ return null; }
+    public final List<String> headers(String p0){ return null; }
+    public final Map<Class<? extends Object>, Object> getTags$okhttp(){ return null; }
+    public final Object tag(){ return null; }
+    public final Request.Builder newBuilder(){ return null; }
+    public final RequestBody body(){ return null; }
+    public final String header(String p0){ return null; }
+    public final String method(){ return null; }
+    public final boolean isHttps(){ return false; }
+    static public class Builder
+    {
+        public <T> Request.Builder tag(Class<? super T> p0, T p1){ return null; }
+        public Builder(){}
+        public Builder(Request p0){}
+        public Request build(){ return null; }
+        public Request.Builder addHeader(String p0, String p1){ return null; }
+        public Request.Builder cacheControl(CacheControl p0){ return null; }
+        public Request.Builder delete(RequestBody p0){ return null; }
+        public Request.Builder get(){ return null; }
+        public Request.Builder head(){ return null; }
+        public Request.Builder header(String p0, String p1){ return null; }
+        public Request.Builder headers(Headers p0){ return null; }
+        public Request.Builder method(String p0, RequestBody p1){ return null; }
+        public Request.Builder patch(RequestBody p0){ return null; }
+        public Request.Builder post(RequestBody p0){ return null; }
+        public Request.Builder put(RequestBody p0){ return null; }
+        public Request.Builder removeHeader(String p0){ return null; }
+        public Request.Builder tag(Object p0){ return null; }
+        public Request.Builder url(HttpUrl p0){ return null; }
+        public Request.Builder url(String p0){ return null; }
+        public Request.Builder url(URL p0){ return null; }
+        public final Headers.Builder getHeaders$okhttp(){ return null; }
+        public final HttpUrl getUrl$okhttp(){ return null; }
+        public final Map<Class<? extends Object>, Object> getTags$okhttp(){ return null; }
+        public final Request.Builder delete(){ return null; }
+        public final RequestBody getBody$okhttp(){ return null; }
+        public final String getMethod$okhttp(){ return null; }
+        public final void setBody$okhttp(RequestBody p0){}
+        public final void setHeaders$okhttp(Headers.Builder p0){}
+        public final void setMethod$okhttp(String p0){}
+        public final void setTags$okhttp(Map<Class<? extends Object>, Object> p0){}
+        public final void setUrl$okhttp(HttpUrl p0){}
     }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Response.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Response.java
index a13ed203c53..56a8c3d085a 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Response.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Response.java
@@ -13,258 +13,81 @@ import okhttp3.Request;
 import okhttp3.ResponseBody;
 import okhttp3.internal.connection.Exchange;
 
-public class Response implements Closeable {
+public class Response implements Closeable
+{
     protected Response() {}
-
-    public Response(Request p0, Protocol p1, String p2, int p3, Handshake p4, Headers p5,
-            ResponseBody p6, Response p7, Response p8, Response p9, long p10, long p11,
-            Exchange p12) {}
-
-    public String toString() {
-        return null;
-    }
-
-    public final CacheControl cacheControl() {
-        return null;
-    }
-
-    public final Exchange exchange() {
-        return null;
-    }
-
-    public final Handshake handshake() {
-        return null;
-    }
-
-    public final Headers headers() {
-        return null;
-    }
-
-    public final Headers trailers() {
-        return null;
-    }
-
-    public final List<Challenge> challenges() {
-        return null;
-    }
-
-    public final List<String> headers(String p0) {
-        return null;
-    }
-
-    public final Protocol protocol() {
-        return null;
-    }
-
-    public final Request request() {
-        return null;
-    }
-
-    public final Response cacheResponse() {
-        return null;
-    }
-
-    public final Response networkResponse() {
-        return null;
-    }
-
-    public final Response priorResponse() {
-        return null;
-    }
-
-    public final Response.Builder newBuilder() {
-        return null;
-    }
-
-    public final ResponseBody body() {
-        return null;
-    }
-
-    public final ResponseBody peekBody(long p0) {
-        return null;
-    }
-
-    public final String header(String p0) {
-        return null;
-    }
-
-    public final String header(String p0, String p1) {
-        return null;
-    }
-
-    public final String message() {
-        return null;
-    }
-
-    public final boolean isRedirect() {
-        return false;
-    }
-
-    public final boolean isSuccessful() {
-        return false;
-    }
-
-    public final int code() {
-        return 0;
-    }
-
-    public final long receivedResponseAtMillis() {
-        return 0;
-    }
-
-    public final long sentRequestAtMillis() {
-        return 0;
-    }
-
-    public void close() {}
-
-    static public class Builder {
-        public Builder() {}
-
-        public Builder(Response p0) {}
-
-        public Response build() {
-            return null;
-        }
-
-        public Response.Builder addHeader(String p0, String p1) {
-            return null;
-        }
-
-        public Response.Builder body(ResponseBody p0) {
-            return null;
-        }
-
-        public Response.Builder cacheResponse(Response p0) {
-            return null;
-        }
-
-        public Response.Builder code(int p0) {
-            return null;
-        }
-
-        public Response.Builder handshake(Handshake p0) {
-            return null;
-        }
-
-        public Response.Builder header(String p0, String p1) {
-            return null;
-        }
-
-        public Response.Builder headers(Headers p0) {
-            return null;
-        }
-
-        public Response.Builder message(String p0) {
-            return null;
-        }
-
-        public Response.Builder networkResponse(Response p0) {
-            return null;
-        }
-
-        public Response.Builder priorResponse(Response p0) {
-            return null;
-        }
-
-        public Response.Builder protocol(Protocol p0) {
-            return null;
-        }
-
-        public Response.Builder receivedResponseAtMillis(long p0) {
-            return null;
-        }
-
-        public Response.Builder removeHeader(String p0) {
-            return null;
-        }
-
-        public Response.Builder request(Request p0) {
-            return null;
-        }
-
-        public Response.Builder sentRequestAtMillis(long p0) {
-            return null;
-        }
-
-        public final Exchange getExchange$okhttp() {
-            return null;
-        }
-
-        public final Handshake getHandshake$okhttp() {
-            return null;
-        }
-
-        public final Headers.Builder getHeaders$okhttp() {
-            return null;
-        }
-
-        public final Protocol getProtocol$okhttp() {
-            return null;
-        }
-
-        public final Request getRequest$okhttp() {
-            return null;
-        }
-
-        public final Response getCacheResponse$okhttp() {
-            return null;
-        }
-
-        public final Response getNetworkResponse$okhttp() {
-            return null;
-        }
-
-        public final Response getPriorResponse$okhttp() {
-            return null;
-        }
-
-        public final ResponseBody getBody$okhttp() {
-            return null;
-        }
-
-        public final String getMessage$okhttp() {
-            return null;
-        }
-
-        public final int getCode$okhttp() {
-            return 0;
-        }
-
-        public final long getReceivedResponseAtMillis$okhttp() {
-            return 0;
-        }
-
-        public final long getSentRequestAtMillis$okhttp() {
-            return 0;
-        }
-
-        public final void initExchange$okhttp(Exchange p0) {}
-
-        public final void setBody$okhttp(ResponseBody p0) {}
-
-        public final void setCacheResponse$okhttp(Response p0) {}
-
-        public final void setCode$okhttp(int p0) {}
-
-        public final void setExchange$okhttp(Exchange p0) {}
-
-        public final void setHandshake$okhttp(Handshake p0) {}
-
-        public final void setHeaders$okhttp(Headers.Builder p0) {}
-
-        public final void setMessage$okhttp(String p0) {}
-
-        public final void setNetworkResponse$okhttp(Response p0) {}
-
-        public final void setPriorResponse$okhttp(Response p0) {}
-
-        public final void setProtocol$okhttp(Protocol p0) {}
-
-        public final void setReceivedResponseAtMillis$okhttp(long p0) {}
-
-        public final void setRequest$okhttp(Request p0) {}
-
-        public final void setSentRequestAtMillis$okhttp(long p0) {}
+    public Response(Request p0, Protocol p1, String p2, int p3, Handshake p4, Headers p5, ResponseBody p6, Response p7, Response p8, Response p9, long p10, long p11, Exchange p12){}
+    public String toString(){ return null; }
+    public final CacheControl cacheControl(){ return null; }
+    public final Exchange exchange(){ return null; }
+    public final Handshake handshake(){ return null; }
+    public final Headers headers(){ return null; }
+    public final Headers trailers(){ return null; }
+    public final List<Challenge> challenges(){ return null; }
+    public final List<String> headers(String p0){ return null; }
+    public final Protocol protocol(){ return null; }
+    public final Request request(){ return null; }
+    public final Response cacheResponse(){ return null; }
+    public final Response networkResponse(){ return null; }
+    public final Response priorResponse(){ return null; }
+    public final Response.Builder newBuilder(){ return null; }
+    public final ResponseBody body(){ return null; }
+    public final ResponseBody peekBody(long p0){ return null; }
+    public final String header(String p0){ return null; }
+    public final String header(String p0, String p1){ return null; }
+    public final String message(){ return null; }
+    public final boolean isRedirect(){ return false; }
+    public final boolean isSuccessful(){ return false; }
+    public final int code(){ return 0; }
+    public final long receivedResponseAtMillis(){ return 0; }
+    public final long sentRequestAtMillis(){ return 0; }
+    public void close(){}
+    static public class Builder
+    {
+        public Builder(){}
+        public Builder(Response p0){}
+        public Response build(){ return null; }
+        public Response.Builder addHeader(String p0, String p1){ return null; }
+        public Response.Builder body(ResponseBody p0){ return null; }
+        public Response.Builder cacheResponse(Response p0){ return null; }
+        public Response.Builder code(int p0){ return null; }
+        public Response.Builder handshake(Handshake p0){ return null; }
+        public Response.Builder header(String p0, String p1){ return null; }
+        public Response.Builder headers(Headers p0){ return null; }
+        public Response.Builder message(String p0){ return null; }
+        public Response.Builder networkResponse(Response p0){ return null; }
+        public Response.Builder priorResponse(Response p0){ return null; }
+        public Response.Builder protocol(Protocol p0){ return null; }
+        public Response.Builder receivedResponseAtMillis(long p0){ return null; }
+        public Response.Builder removeHeader(String p0){ return null; }
+        public Response.Builder request(Request p0){ return null; }
+        public Response.Builder sentRequestAtMillis(long p0){ return null; }
+        public final Exchange getExchange$okhttp(){ return null; }
+        public final Handshake getHandshake$okhttp(){ return null; }
+        public final Headers.Builder getHeaders$okhttp(){ return null; }
+        public final Protocol getProtocol$okhttp(){ return null; }
+        public final Request getRequest$okhttp(){ return null; }
+        public final Response getCacheResponse$okhttp(){ return null; }
+        public final Response getNetworkResponse$okhttp(){ return null; }
+        public final Response getPriorResponse$okhttp(){ return null; }
+        public final ResponseBody getBody$okhttp(){ return null; }
+        public final String getMessage$okhttp(){ return null; }
+        public final int getCode$okhttp(){ return 0; }
+        public final long getReceivedResponseAtMillis$okhttp(){ return 0; }
+        public final long getSentRequestAtMillis$okhttp(){ return 0; }
+        public final void initExchange$okhttp(Exchange p0){}
+        public final void setBody$okhttp(ResponseBody p0){}
+        public final void setCacheResponse$okhttp(Response p0){}
+        public final void setCode$okhttp(int p0){}
+        public final void setExchange$okhttp(Exchange p0){}
+        public final void setHandshake$okhttp(Handshake p0){}
+        public final void setHeaders$okhttp(Headers.Builder p0){}
+        public final void setMessage$okhttp(String p0){}
+        public final void setNetworkResponse$okhttp(Response p0){}
+        public final void setPriorResponse$okhttp(Response p0){}
+        public final void setProtocol$okhttp(Protocol p0){}
+        public final void setReceivedResponseAtMillis$okhttp(long p0){}
+        public final void setRequest$okhttp(Request p0){}
+        public final void setSentRequestAtMillis$okhttp(long p0){}
     }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Route.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Route.java
index bff177b55a0..c0d18dadece 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Route.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/Route.java
@@ -6,36 +6,15 @@ import java.net.InetSocketAddress;
 import java.net.Proxy;
 import okhttp3.Address;
 
-public class Route {
+public class Route
+{
     protected Route() {}
-
-    public Route(Address p0, Proxy p1, InetSocketAddress p2) {}
-
-    public String toString() {
-        return null;
-    }
-
-    public boolean equals(Object p0) {
-        return false;
-    }
-
-    public final Address address() {
-        return null;
-    }
-
-    public final InetSocketAddress socketAddress() {
-        return null;
-    }
-
-    public final Proxy proxy() {
-        return null;
-    }
-
-    public final boolean requiresTunnel() {
-        return false;
-    }
-
-    public int hashCode() {
-        return 0;
-    }
+    public Route(Address p0, Proxy p1, InetSocketAddress p2){}
+    public String toString(){ return null; }
+    public boolean equals(Object p0){ return false; }
+    public final Address address(){ return null; }
+    public final InetSocketAddress socketAddress(){ return null; }
+    public final Proxy proxy(){ return null; }
+    public final boolean requiresTunnel(){ return false; }
+    public int hashCode(){ return 0; }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/TlsVersion.java b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/TlsVersion.java
index fdcfdc9ab6d..33514eff350 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okhttp3/TlsVersion.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okhttp3/TlsVersion.java
@@ -3,26 +3,16 @@
 package okhttp3;
 
 
-public enum TlsVersion {
+public enum TlsVersion
+{
     SSL_3_0, TLS_1_0, TLS_1_1, TLS_1_2, TLS_1_3;
-
     private TlsVersion() {}
-
-    public final String javaName() {
-        return null;
-    }
-
-    public static TlsVersion forJavaName(String p0) {
-        return null;
-    }
-
+    public final String javaName(){ return null; }
+    public static TlsVersion forJavaName(String p0){ return null; }
     public static TlsVersion.Companion Companion = null;
-
-    static public class Companion {
+    static public class Companion
+    {
         protected Companion() {}
-
-        public final TlsVersion forJavaName(String p0) {
-            return null;
-        }
+        public final TlsVersion forJavaName(String p0){ return null; }
     }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okio/Buffer.java b/java/ql/test/stubs/okhttp-4.9.3/okio/Buffer.java
index 3a270f5e9eb..1a9a2d0f66f 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okio/Buffer.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okio/Buffer.java
@@ -17,453 +17,131 @@ import okio.Sink;
 import okio.Source;
 import okio.Timeout;
 
-public class Buffer implements BufferedSink, BufferedSource, ByteChannel, Cloneable {
-    public Buffer buffer() {
-        return null;
-    }
-
-    public Buffer clone() {
-        return null;
-    }
-
-    public Buffer emit() {
-        return null;
-    }
-
-    public Buffer emitCompleteSegments() {
-        return null;
-    }
-
-    public Buffer getBuffer() {
-        return null;
-    }
-
-    public Buffer write(ByteString p0) {
-        return null;
-    }
-
-    public Buffer write(ByteString p0, int p1, int p2) {
-        return null;
-    }
-
-    public Buffer write(Source p0, long p1) {
-        return null;
-    }
-
-    public Buffer write(byte[] p0) {
-        return null;
-    }
-
-    public Buffer write(byte[] p0, int p1, int p2) {
-        return null;
-    }
-
-    public Buffer writeByte(int p0) {
-        return null;
-    }
-
-    public Buffer writeDecimalLong(long p0) {
-        return null;
-    }
-
-    public Buffer writeHexadecimalUnsignedLong(long p0) {
-        return null;
-    }
-
-    public Buffer writeInt(int p0) {
-        return null;
-    }
-
-    public Buffer writeIntLe(int p0) {
-        return null;
-    }
-
-    public Buffer writeLong(long p0) {
-        return null;
-    }
-
-    public Buffer writeLongLe(long p0) {
-        return null;
-    }
-
-    public Buffer writeShort(int p0) {
-        return null;
-    }
-
-    public Buffer writeShortLe(int p0) {
-        return null;
-    }
-
-    public Buffer writeString(String p0, Charset p1) {
-        return null;
-    }
-
-    public Buffer writeString(String p0, int p1, int p2, Charset p3) {
-        return null;
-    }
-
-    public Buffer writeUtf8(String p0) {
-        return null;
-    }
-
-    public Buffer writeUtf8(String p0, int p1, int p2) {
-        return null;
-    }
-
-    public Buffer writeUtf8CodePoint(int p0) {
-        return null;
-    }
-
-    public Buffer() {}
-
-    public BufferedSource peek() {
-        return null;
-    }
-
-    public ByteString readByteString() {
-        return null;
-    }
-
-    public ByteString readByteString(long p0) {
-        return null;
-    }
-
-    public InputStream inputStream() {
-        return null;
-    }
-
-    public OutputStream outputStream() {
-        return null;
-    }
-
+public class Buffer implements BufferedSink, BufferedSource, ByteChannel, Cloneable
+{
+    public Buffer buffer(){ return null; }
+    public Buffer clone(){ return null; }
+    public Buffer emit(){ return null; }
+    public Buffer emitCompleteSegments(){ return null; }
+    public Buffer getBuffer(){ return null; }
+    public Buffer write(ByteString p0){ return null; }
+    public Buffer write(ByteString p0, int p1, int p2){ return null; }
+    public Buffer write(Source p0, long p1){ return null; }
+    public Buffer write(byte[] p0){ return null; }
+    public Buffer write(byte[] p0, int p1, int p2){ return null; }
+    public Buffer writeByte(int p0){ return null; }
+    public Buffer writeDecimalLong(long p0){ return null; }
+    public Buffer writeHexadecimalUnsignedLong(long p0){ return null; }
+    public Buffer writeInt(int p0){ return null; }
+    public Buffer writeIntLe(int p0){ return null; }
+    public Buffer writeLong(long p0){ return null; }
+    public Buffer writeLongLe(long p0){ return null; }
+    public Buffer writeShort(int p0){ return null; }
+    public Buffer writeShortLe(int p0){ return null; }
+    public Buffer writeString(String p0, Charset p1){ return null; }
+    public Buffer writeString(String p0, int p1, int p2, Charset p3){ return null; }
+    public Buffer writeUtf8(String p0){ return null; }
+    public Buffer writeUtf8(String p0, int p1, int p2){ return null; }
+    public Buffer writeUtf8CodePoint(int p0){ return null; }
+    public Buffer(){}
+    public BufferedSource peek(){ return null; }
+    public ByteString readByteString(){ return null; }
+    public ByteString readByteString(long p0){ return null; }
+    public InputStream inputStream(){ return null; }
+    public OutputStream outputStream(){ return null; }
     public Segment head = null;
-
-    public String readString(Charset p0) {
-        return null;
-    }
-
-    public String readString(long p0, Charset p1) {
-        return null;
-    }
-
-    public String readUtf8() {
-        return null;
-    }
-
-    public String readUtf8(long p0) {
-        return null;
-    }
-
-    public String readUtf8Line() {
-        return null;
-    }
-
-    public String readUtf8LineStrict() {
-        return null;
-    }
-
-    public String readUtf8LineStrict(long p0) {
-        return null;
-    }
-
-    public String toString() {
-        return null;
-    }
-
-    public Timeout timeout() {
-        return null;
-    }
-
-    public boolean equals(Object p0) {
-        return false;
-    }
-
-    public boolean exhausted() {
-        return false;
-    }
-
-    public boolean isOpen() {
-        return false;
-    }
-
-    public boolean rangeEquals(long p0, ByteString p1) {
-        return false;
-    }
-
-    public boolean rangeEquals(long p0, ByteString p1, int p2, int p3) {
-        return false;
-    }
-
-    public boolean request(long p0) {
-        return false;
-    }
-
-    public byte readByte() {
-        return 0;
-    }
-
-    public byte[] readByteArray() {
-        return null;
-    }
-
-    public byte[] readByteArray(long p0) {
-        return null;
-    }
-
-    public final Buffer copy() {
-        return null;
-    }
-
-    public final Buffer copyTo(Buffer p0, long p1) {
-        return null;
-    }
-
-    public final Buffer copyTo(Buffer p0, long p1, long p2) {
-        return null;
-    }
-
-    public final Buffer copyTo(OutputStream p0) {
-        return null;
-    }
-
-    public final Buffer copyTo(OutputStream p0, long p1) {
-        return null;
-    }
-
-    public final Buffer copyTo(OutputStream p0, long p1, long p2) {
-        return null;
-    }
-
-    public final Buffer readFrom(InputStream p0) {
-        return null;
-    }
-
-    public final Buffer readFrom(InputStream p0, long p1) {
-        return null;
-    }
-
-    public final Buffer writeTo(OutputStream p0) {
-        return null;
-    }
-
-    public final Buffer writeTo(OutputStream p0, long p1) {
-        return null;
-    }
-
-    public final Buffer.UnsafeCursor readAndWriteUnsafe() {
-        return null;
-    }
-
-    public final Buffer.UnsafeCursor readAndWriteUnsafe(Buffer.UnsafeCursor p0) {
-        return null;
-    }
-
-    public final Buffer.UnsafeCursor readUnsafe() {
-        return null;
-    }
-
-    public final Buffer.UnsafeCursor readUnsafe(Buffer.UnsafeCursor p0) {
-        return null;
-    }
-
-    public final ByteString hmacSha1(ByteString p0) {
-        return null;
-    }
-
-    public final ByteString hmacSha256(ByteString p0) {
-        return null;
-    }
-
-    public final ByteString hmacSha512(ByteString p0) {
-        return null;
-    }
-
-    public final ByteString md5() {
-        return null;
-    }
-
-    public final ByteString sha1() {
-        return null;
-    }
-
-    public final ByteString sha256() {
-        return null;
-    }
-
-    public final ByteString sha512() {
-        return null;
-    }
-
-    public final ByteString snapshot() {
-        return null;
-    }
-
-    public final ByteString snapshot(int p0) {
-        return null;
-    }
-
-    public final Segment writableSegment$okio(int p0) {
-        return null;
-    }
-
-    public final byte getByte(long p0) {
-        return 0;
-    }
-
-    public final long completeSegmentByteCount() {
-        return 0;
-    }
-
-    public final long size() {
-        return 0;
-    }
-
-    public final void clear() {}
-
-    public final void setSize$okio(long p0) {}
-
-    public int hashCode() {
-        return 0;
-    }
-
-    public int read(ByteBuffer p0) {
-        return 0;
-    }
-
-    public int read(byte[] p0) {
-        return 0;
-    }
-
-    public int read(byte[] p0, int p1, int p2) {
-        return 0;
-    }
-
-    public int readInt() {
-        return 0;
-    }
-
-    public int readIntLe() {
-        return 0;
-    }
-
-    public int readUtf8CodePoint() {
-        return 0;
-    }
-
-    public int select(Options p0) {
-        return 0;
-    }
-
-    public int write(ByteBuffer p0) {
-        return 0;
-    }
-
-    public long indexOf(ByteString p0) {
-        return 0;
-    }
-
-    public long indexOf(ByteString p0, long p1) {
-        return 0;
-    }
-
-    public long indexOf(byte p0) {
-        return 0;
-    }
-
-    public long indexOf(byte p0, long p1) {
-        return 0;
-    }
-
-    public long indexOf(byte p0, long p1, long p2) {
-        return 0;
-    }
-
-    public long indexOfElement(ByteString p0) {
-        return 0;
-    }
-
-    public long indexOfElement(ByteString p0, long p1) {
-        return 0;
-    }
-
-    public long read(Buffer p0, long p1) {
-        return 0;
-    }
-
-    public long readAll(Sink p0) {
-        return 0;
-    }
-
-    public long readDecimalLong() {
-        return 0;
-    }
-
-    public long readHexadecimalUnsignedLong() {
-        return 0;
-    }
-
-    public long readLong() {
-        return 0;
-    }
-
-    public long readLongLe() {
-        return 0;
-    }
-
-    public long writeAll(Source p0) {
-        return 0;
-    }
-
-    public short readShort() {
-        return 0;
-    }
-
-    public short readShortLe() {
-        return 0;
-    }
-
-    public void close() {}
-
-    public void flush() {}
-
-    public void readFully(Buffer p0, long p1) {}
-
-    public void readFully(byte[] p0) {}
-
-    public void require(long p0) {}
-
-    public void skip(long p0) {}
-
-    public void write(Buffer p0, long p1) {}
-
-    static public class UnsafeCursor implements Closeable {
+    public String readString(Charset p0){ return null; }
+    public String readString(long p0, Charset p1){ return null; }
+    public String readUtf8(){ return null; }
+    public String readUtf8(long p0){ return null; }
+    public String readUtf8Line(){ return null; }
+    public String readUtf8LineStrict(){ return null; }
+    public String readUtf8LineStrict(long p0){ return null; }
+    public String toString(){ return null; }
+    public Timeout timeout(){ return null; }
+    public boolean equals(Object p0){ return false; }
+    public boolean exhausted(){ return false; }
+    public boolean isOpen(){ return false; }
+    public boolean rangeEquals(long p0, ByteString p1){ return false; }
+    public boolean rangeEquals(long p0, ByteString p1, int p2, int p3){ return false; }
+    public boolean request(long p0){ return false; }
+    public byte readByte(){ return 0; }
+    public byte[] readByteArray(){ return null; }
+    public byte[] readByteArray(long p0){ return null; }
+    public final Buffer copy(){ return null; }
+    public final Buffer copyTo(Buffer p0, long p1){ return null; }
+    public final Buffer copyTo(Buffer p0, long p1, long p2){ return null; }
+    public final Buffer copyTo(OutputStream p0){ return null; }
+    public final Buffer copyTo(OutputStream p0, long p1){ return null; }
+    public final Buffer copyTo(OutputStream p0, long p1, long p2){ return null; }
+    public final Buffer readFrom(InputStream p0){ return null; }
+    public final Buffer readFrom(InputStream p0, long p1){ return null; }
+    public final Buffer writeTo(OutputStream p0){ return null; }
+    public final Buffer writeTo(OutputStream p0, long p1){ return null; }
+    public final Buffer.UnsafeCursor readAndWriteUnsafe(){ return null; }
+    public final Buffer.UnsafeCursor readAndWriteUnsafe(Buffer.UnsafeCursor p0){ return null; }
+    public final Buffer.UnsafeCursor readUnsafe(){ return null; }
+    public final Buffer.UnsafeCursor readUnsafe(Buffer.UnsafeCursor p0){ return null; }
+    public final ByteString hmacSha1(ByteString p0){ return null; }
+    public final ByteString hmacSha256(ByteString p0){ return null; }
+    public final ByteString hmacSha512(ByteString p0){ return null; }
+    public final ByteString md5(){ return null; }
+    public final ByteString sha1(){ return null; }
+    public final ByteString sha256(){ return null; }
+    public final ByteString sha512(){ return null; }
+    public final ByteString snapshot(){ return null; }
+    public final ByteString snapshot(int p0){ return null; }
+    public final Segment writableSegment$okio(int p0){ return null; }
+    public final byte getByte(long p0){ return 0; }
+    public final long completeSegmentByteCount(){ return 0; }
+    public final long size(){ return 0; }
+    public final void clear(){}
+    public final void setSize$okio(long p0){}
+    public int hashCode(){ return 0; }
+    public int read(ByteBuffer p0){ return 0; }
+    public int read(byte[] p0){ return 0; }
+    public int read(byte[] p0, int p1, int p2){ return 0; }
+    public int readInt(){ return 0; }
+    public int readIntLe(){ return 0; }
+    public int readUtf8CodePoint(){ return 0; }
+    public int select(Options p0){ return 0; }
+    public int write(ByteBuffer p0){ return 0; }
+    public long indexOf(ByteString p0){ return 0; }
+    public long indexOf(ByteString p0, long p1){ return 0; }
+    public long indexOf(byte p0){ return 0; }
+    public long indexOf(byte p0, long p1){ return 0; }
+    public long indexOf(byte p0, long p1, long p2){ return 0; }
+    public long indexOfElement(ByteString p0){ return 0; }
+    public long indexOfElement(ByteString p0, long p1){ return 0; }
+    public long read(Buffer p0, long p1){ return 0; }
+    public long readAll(Sink p0){ return 0; }
+    public long readDecimalLong(){ return 0; }
+    public long readHexadecimalUnsignedLong(){ return 0; }
+    public long readLong(){ return 0; }
+    public long readLongLe(){ return 0; }
+    public long writeAll(Source p0){ return 0; }
+    public short readShort(){ return 0; }
+    public short readShortLe(){ return 0; }
+    public void close(){}
+    public void flush(){}
+    public void readFully(Buffer p0, long p1){}
+    public void readFully(byte[] p0){}
+    public void require(long p0){}
+    public void skip(long p0){}
+    public void write(Buffer p0, long p1){}
+    static public class UnsafeCursor implements Closeable
+    {
         public Buffer buffer = null;
-
-        public UnsafeCursor() {}
-
+        public UnsafeCursor(){}
         public boolean readWrite = false;
         public byte[] data = null;
-
-        public final int next() {
-            return 0;
-        }
-
-        public final int seek(long p0) {
-            return 0;
-        }
-
-        public final long expandBuffer(int p0) {
-            return 0;
-        }
-
-        public final long resizeBuffer(long p0) {
-            return 0;
-        }
-
+        public final int next(){ return 0; }
+        public final int seek(long p0){ return 0; }
+        public final long expandBuffer(int p0){ return 0; }
+        public final long resizeBuffer(long p0){ return 0; }
         public int end = 0;
         public int start = 0;
         public long offset = 0;
-
-        public void close() {}
+        public void close(){}
     }
 }
diff --git a/java/ql/test/stubs/okhttp-4.9.3/okio/ByteString.java b/java/ql/test/stubs/okhttp-4.9.3/okio/ByteString.java
index 2ac5fe9901a..8378e6a047d 100644
--- a/java/ql/test/stubs/okhttp-4.9.3/okio/ByteString.java
+++ b/java/ql/test/stubs/okhttp-4.9.3/okio/ByteString.java
@@ -9,276 +9,81 @@ import java.nio.ByteBuffer;
 import java.nio.charset.Charset;
 import okio.Buffer;
 
-public class ByteString implements Comparable<ByteString>, Serializable {
+public class ByteString implements Comparable<ByteString>, Serializable
+{
     protected ByteString() {}
-
-    public ByteBuffer asByteBuffer() {
-        return null;
-    }
-
-    public ByteString digest$okio(String p0) {
-        return null;
-    }
-
-    public ByteString hmac$okio(String p0, ByteString p1) {
-        return null;
-    }
-
-    public ByteString hmacSha1(ByteString p0) {
-        return null;
-    }
-
-    public ByteString hmacSha256(ByteString p0) {
-        return null;
-    }
-
-    public ByteString hmacSha512(ByteString p0) {
-        return null;
-    }
-
-    public ByteString md5() {
-        return null;
-    }
-
-    public ByteString sha1() {
-        return null;
-    }
-
-    public ByteString sha256() {
-        return null;
-    }
-
-    public ByteString sha512() {
-        return null;
-    }
-
-    public ByteString substring(int p0, int p1) {
-        return null;
-    }
-
-    public ByteString toAsciiLowercase() {
-        return null;
-    }
-
-    public ByteString toAsciiUppercase() {
-        return null;
-    }
-
-    public ByteString(byte[] p0) {}
-
-    public String base64() {
-        return null;
-    }
-
-    public String base64Url() {
-        return null;
-    }
-
-    public String hex() {
-        return null;
-    }
-
-    public String string(Charset p0) {
-        return null;
-    }
-
-    public String toString() {
-        return null;
-    }
-
-    public String utf8() {
-        return null;
-    }
-
-    public boolean equals(Object p0) {
-        return false;
-    }
-
-    public boolean rangeEquals(int p0, ByteString p1, int p2, int p3) {
-        return false;
-    }
-
-    public boolean rangeEquals(int p0, byte[] p1, int p2, int p3) {
-        return false;
-    }
-
-    public byte internalGet$okio(int p0) {
-        return 0;
-    }
-
-    public byte[] internalArray$okio() {
-        return null;
-    }
-
-    public byte[] toByteArray() {
-        return null;
-    }
-
-    public final ByteString substring() {
-        return null;
-    }
-
-    public final ByteString substring(int p0) {
-        return null;
-    }
-
-    public final String getUtf8$okio() {
-        return null;
-    }
-
-    public final boolean endsWith(ByteString p0) {
-        return false;
-    }
-
-    public final boolean endsWith(byte[] p0) {
-        return false;
-    }
-
-    public final boolean startsWith(ByteString p0) {
-        return false;
-    }
-
-    public final boolean startsWith(byte[] p0) {
-        return false;
-    }
-
-    public final byte getByte(int p0) {
-        return 0;
-    }
-
-    public final byte[] getData$okio() {
-        return null;
-    }
-
-    public final int getHashCode$okio() {
-        return 0;
-    }
-
-    public final int indexOf(ByteString p0) {
-        return 0;
-    }
-
-    public final int indexOf(ByteString p0, int p1) {
-        return 0;
-    }
-
-    public final int indexOf(byte[] p0) {
-        return 0;
-    }
-
-    public final int lastIndexOf(ByteString p0) {
-        return 0;
-    }
-
-    public final int lastIndexOf(ByteString p0, int p1) {
-        return 0;
-    }
-
-    public final int lastIndexOf(byte[] p0) {
-        return 0;
-    }
-
-    public final int size() {
-        return 0;
-    }
-
-    public final void setHashCode$okio(int p0) {}
-
-    public final void setUtf8$okio(String p0) {}
-
-    public int compareTo(ByteString p0) {
-        return 0;
-    }
-
-    public int getSize$okio() {
-        return 0;
-    }
-
-    public int hashCode() {
-        return 0;
-    }
-
-    public int indexOf(byte[] p0, int p1) {
-        return 0;
-    }
-
-    public int lastIndexOf(byte[] p0, int p1) {
-        return 0;
-    }
-
+    public ByteBuffer asByteBuffer(){ return null; }
+    public ByteString digest$okio(String p0){ return null; }
+    public ByteString hmac$okio(String p0, ByteString p1){ return null; }
+    public ByteString hmacSha1(ByteString p0){ return null; }
+    public ByteString hmacSha256(ByteString p0){ return null; }
+    public ByteString hmacSha512(ByteString p0){ return null; }
+    public ByteString md5(){ return null; }
+    public ByteString sha1(){ return null; }
+    public ByteString sha256(){ return null; }
+    public ByteString sha512(){ return null; }
+    public ByteString substring(int p0, int p1){ return null; }
+    public ByteString toAsciiLowercase(){ return null; }
+    public ByteString toAsciiUppercase(){ return null; }
+    public ByteString(byte[] p0){}
+    public String base64(){ return null; }
+    public String base64Url(){ return null; }
+    public String hex(){ return null; }
+    public String string(Charset p0){ return null; }
+    public String toString(){ return null; }
+    public String utf8(){ return null; }
+    public boolean equals(Object p0){ return false; }
+    public boolean rangeEquals(int p0, ByteString p1, int p2, int p3){ return false; }
+    public boolean rangeEquals(int p0, byte[] p1, int p2, int p3){ return false; }
+    public byte internalGet$okio(int p0){ return 0; }
+    public byte[] internalArray$okio(){ return null; }
+    public byte[] toByteArray(){ return null; }
+    public final ByteString substring(){ return null; }
+    public final ByteString substring(int p0){ return null; }
+    public final String getUtf8$okio(){ return null; }
+    public final boolean endsWith(ByteString p0){ return false; }
+    public final boolean endsWith(byte[] p0){ return false; }
+    public final boolean startsWith(ByteString p0){ return false; }
+    public final boolean startsWith(byte[] p0){ return false; }
+    public final byte getByte(int p0){ return 0; }
+    public final byte[] getData$okio(){ return null; }
+    public final int getHashCode$okio(){ return 0; }
+    public final int indexOf(ByteString p0){ return 0; }
+    public final int indexOf(ByteString p0, int p1){ return 0; }
+    public final int indexOf(byte[] p0){ return 0; }
+    public final int lastIndexOf(ByteString p0){ return 0; }
+    public final int lastIndexOf(ByteString p0, int p1){ return 0; }
+    public final int lastIndexOf(byte[] p0){ return 0; }
+    public final int size(){ return 0; }
+    public final void setHashCode$okio(int p0){}
+    public final void setUtf8$okio(String p0){}
+    public int compareTo(ByteString p0){ return 0; }
+    public int getSize$okio(){ return 0; }
+    public int hashCode(){ return 0; }
+    public int indexOf(byte[] p0, int p1){ return 0; }
+    public int lastIndexOf(byte[] p0, int p1){ return 0; }
     public static ByteString EMPTY = null;
-
-    public static ByteString decodeBase64(String p0) {
-        return null;
-    }
-
-    public static ByteString decodeHex(String p0) {
-        return null;
-    }
-
-    public static ByteString encodeString(String p0, Charset p1) {
-        return null;
-    }
-
-    public static ByteString encodeUtf8(String p0) {
-        return null;
-    }
-
-    public static ByteString of(ByteBuffer p0) {
-        return null;
-    }
-
-    public static ByteString of(byte... p0) {
-        return null;
-    }
-
-    public static ByteString of(byte[] p0, int p1, int p2) {
-        return null;
-    }
-
-    public static ByteString read(InputStream p0, int p1) {
-        return null;
-    }
-
+    public static ByteString decodeBase64(String p0){ return null; }
+    public static ByteString decodeHex(String p0){ return null; }
+    public static ByteString encodeString(String p0, Charset p1){ return null; }
+    public static ByteString encodeUtf8(String p0){ return null; }
+    public static ByteString of(ByteBuffer p0){ return null; }
+    public static ByteString of(byte... p0){ return null; }
+    public static ByteString of(byte[] p0, int p1, int p2){ return null; }
+    public static ByteString read(InputStream p0, int p1){ return null; }
     public static ByteString.Companion Companion = null;
-
-    public void write$okio(Buffer p0, int p1, int p2) {}
-
-    public void write(OutputStream p0) {}
-
-    static public class Companion {
+    public void write$okio(Buffer p0, int p1, int p2){}
+    public void write(OutputStream p0){}
+    static public class Companion
+    {
         protected Companion() {}
-
-        public final ByteString decodeBase64(String p0) {
-            return null;
-        }
-
-        public final ByteString decodeHex(String p0) {
-            return null;
-        }
-
-        public final ByteString encodeString(String p0, Charset p1) {
-            return null;
-        }
-
-        public final ByteString encodeUtf8(String p0) {
-            return null;
-        }
-
-        public final ByteString of(ByteBuffer p0) {
-            return null;
-        }
-
-        public final ByteString of(byte... p0) {
-            return null;
-        }
-
-        public final ByteString of(byte[] p0, int p1, int p2) {
-            return null;
-        }
-
-        public final ByteString read(InputStream p0, int p1) {
-            return null;
-        }
+        public final ByteString decodeBase64(String p0){ return null; }
+        public final ByteString decodeHex(String p0){ return null; }
+        public final ByteString encodeString(String p0, Charset p1){ return null; }
+        public final ByteString encodeUtf8(String p0){ return null; }
+        public final ByteString of(ByteBuffer p0){ return null; }
+        public final ByteString of(byte... p0){ return null; }
+        public final ByteString of(byte[] p0, int p1, int p2){ return null; }
+        public final ByteString read(InputStream p0, int p1){ return null; }
     }
 }

From c8aca0619012f6c9483d3fe8f12095a34dbb701c Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Wed, 23 Nov 2022 10:30:24 +0000
Subject: [PATCH 28/93] Implement pinning through a TrustManager + Fix that the
 query was accidentally placed in experimental

---
 .../AndroidCertificatePinningQuery.qll        | 64 ++++++++++++++++++-
 .../AndroidMissingCertificatePinning.ql       |  0
 2 files changed, 62 insertions(+), 2 deletions(-)
 rename java/ql/src/{experimental => }/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql (100%)

diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
index 80549967090..9d8a7bc29b2 100644
--- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -52,6 +52,66 @@ predicate trustedDomain(string domainName) {
   trustedDomainViaOkHttp(domainName)
 }
 
+/**
+ * Holds if `setSocketFactory` is a call to `HttpsURLConnection.setSSLSocketFactory` or `HttpsURLConnection.setDefaultSSLSocketFactory`
+ * that uses a socket factory derrived from a `TrustManager`.
+ * `default` is true if the default SSL socket factory for all URLs is being set.
+ */
+private predicate trustedSocketFactory(MethodAccess setSocketFactory, boolean default) {
+  exists(MethodAccess getSocketFactory, MethodAccess initSslContext, string methodName |
+    setSocketFactory
+        .getMethod()
+        .getASourceOverriddenMethod*()
+        .hasQualifiedName("javax.net.ssl", "HttpsURLConnection", methodName) and
+    (
+      default = true and methodName = "setDefaultSSLSocketFactory"
+      or
+      default = false and methodName = "setSSLSocketFactory"
+    ) and
+    initSslContext.getMethod().hasQualifiedName("javax.net.ssl", "SSLContext", "init") and
+    getSocketFactory
+        .getMethod()
+        .getASourceOverriddenMethod*()
+        .hasQualifiedName("javax.net.ssl", "SSLContext", "getSocketFactory") and
+    not initSslContext.getArgument(1) instanceof NullLiteral and
+    DataFlow::localExprFlow(initSslContext.getQualifier(), getSocketFactory.getQualifier()) and
+    DataFlow::localExprFlow(getSocketFactory, setSocketFactory.getArgument(0))
+  )
+}
+
+/**
+ * Holds if the given expression is an qualifier to a `URL.openConnection` or `URL.openStream` call
+ * that is trusted due to its SSL socket factory being set.
+ */
+private predicate trustedUrlConnection(Expr url) {
+  exists(MethodAccess openCon |
+    openCon
+        .getMethod()
+        .getASourceOverriddenMethod*()
+        .hasQualifiedName("java.net", "URL", "openConnection") and
+    url = openCon.getQualifier() and
+    exists(MethodAccess setSocketFactory |
+      trustedSocketFactory(setSocketFactory, false) and
+      TaintTracking::localExprTaint(openCon, setSocketFactory.getQualifier())
+    )
+  )
+  or
+  trustedSocketFactory(_, true) and
+  exists(MethodAccess open |
+    open.getMethod()
+        .getASourceOverriddenMethod*()
+        .hasQualifiedName("java.net", "URL", ["openConnection", "openStream"]) and
+    url = open.getQualifier()
+  )
+}
+
+private class MissingPinningSink extends DataFlow::Node {
+  MissingPinningSink() {
+    this instanceof UrlOpenSink and
+    not trustedUrlConnection(this.asExpr())
+  }
+}
+
 /** Configuration for finding uses of non trusted URLs. */
 private class UntrustedUrlConfig extends TaintTracking::Configuration {
   UntrustedUrlConfig() { this = "UntrustedUrlConfig" }
@@ -64,13 +124,13 @@ private class UntrustedUrlConfig extends TaintTracking::Configuration {
     )
   }
 
-  override predicate isSink(DataFlow::Node node) { node instanceof UrlOpenSink }
+  override predicate isSink(DataFlow::Node node) { node instanceof MissingPinningSink }
 }
 
 /** Holds if `node` is a network communication call for which certificate pinning is not implemented. */
 predicate missingPinning(DataFlow::Node node) {
   isAndroid() and
-  node instanceof UrlOpenSink and
+  node instanceof MissingPinningSink and
   (
     not exists(string s | trustedDomain(s))
     or
diff --git a/java/ql/src/experimental/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
similarity index 100%
rename from java/ql/src/experimental/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
rename to java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql

From 0d6a376a36c75b66941a5fc89293572a8b5fec04 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Fri, 25 Nov 2022 16:37:41 +0000
Subject: [PATCH 29/93] Add test cases for TrustManager case

---
 .../Test4/AndroidManifest.xml                 | 10 ++++++
 .../Test4/R.java                              |  7 ++++
 .../Test4/Test.java                           | 32 +++++++++++++++++
 .../Test4/options                             |  1 +
 .../Test4/res/xml/NetworkSecurityConfig.xml   |  4 +++
 .../Test4/test.expected                       |  0
 .../Test4/test.ql                             | 23 ++++++++++++
 .../Test5/AndroidManifest.xml                 | 10 ++++++
 .../Test5/R.java                              |  7 ++++
 .../Test5/Test.java                           | 35 +++++++++++++++++++
 .../Test5/options                             |  1 +
 .../Test5/res/xml/NetworkSecurityConfig.xml   |  4 +++
 .../Test5/test.expected                       |  0
 .../Test5/test.ql                             | 23 ++++++++++++
 14 files changed, 157 insertions(+)
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/AndroidManifest.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/R.java
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/Test.java
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/options
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/res/xml/NetworkSecurityConfig.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.expected
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.ql
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/AndroidManifest.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/R.java
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/Test.java
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/options
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/res/xml/NetworkSecurityConfig.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.expected
 create mode 100644 java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.ql

diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/AndroidManifest.xml
new file mode 100644
index 00000000000..da5cdabce67
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/AndroidManifest.xml
@@ -0,0 +1,10 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.example.app"
+    android:installLocation="auto"
+    android:versionCode="1"
+    android:versionName="0.1" >
+
+    <application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
+    </application>
+
+</manifest>
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/R.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/R.java
new file mode 100644
index 00000000000..16f953ea106
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/R.java
@@ -0,0 +1,7 @@
+package com.example;
+
+class R {
+    static final class raw {
+        static final int cert = 0;
+    }
+}
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/Test.java
new file mode 100644
index 00000000000..fd745a0ca1c
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/Test.java
@@ -0,0 +1,32 @@
+package com.example;
+
+import java.net.URL;
+import java.net.URLConnection;
+import java.security.KeyStore;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import android.content.res.Resources;
+
+class Test{
+    void test1(Resources resources) throws Exception {
+        KeyStore keyStore = KeyStore.getInstance("BKS");
+        keyStore.load(resources.openRawResource(R.raw.cert), null);
+
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        tmf.init(keyStore);
+
+        SSLContext sslContext = SSLContext.getInstance("TLS");
+        sslContext.init(null, tmf.getTrustManagers(), null);
+
+        URL url = new URL("http://www.example.com/");
+        HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); 
+
+        urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
+    }
+
+    void test2() throws Exception {
+        URL url = new URL("http://www.example.com/");
+        HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); // $hasNoTrustedResult
+    }
+}
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/options b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/options
new file mode 100644
index 00000000000..7d1644b057b
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/options
@@ -0,0 +1 @@
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/res/xml/NetworkSecurityConfig.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/res/xml/NetworkSecurityConfig.xml
new file mode 100644
index 00000000000..3fd128a05a2
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/res/xml/NetworkSecurityConfig.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+
+</network-security-config>
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.expected b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.ql
new file mode 100644
index 00000000000..22238774af5
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.ql
@@ -0,0 +1,23 @@
+import java
+import TestUtilities.InlineExpectationsTest
+import semmle.code.java.security.AndroidCertificatePinningQuery
+
+class Test extends InlineExpectationsTest {
+  Test() { this = "AndroidMissingCertificatePinningTest" }
+
+  override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
+
+  override predicate hasActualResult(Location loc, string el, string tag, string value) {
+    exists(DataFlow::Node node |
+      missingPinning(node) and
+      loc = node.getLocation() and
+      el = node.toString() and
+      value = "" and
+      (
+        if exists(string x | trustedDomain(x))
+        then tag = "hasUntrustedResult"
+        else tag = "hasNoTrustedResult"
+      )
+    )
+  }
+}
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/AndroidManifest.xml
new file mode 100644
index 00000000000..da5cdabce67
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/AndroidManifest.xml
@@ -0,0 +1,10 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.example.app"
+    android:installLocation="auto"
+    android:versionCode="1"
+    android:versionName="0.1" >
+
+    <application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
+    </application>
+
+</manifest>
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/R.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/R.java
new file mode 100644
index 00000000000..16f953ea106
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/R.java
@@ -0,0 +1,7 @@
+package com.example;
+
+class R {
+    static final class raw {
+        static final int cert = 0;
+    }
+}
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/Test.java b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/Test.java
new file mode 100644
index 00000000000..00aa99775c1
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/Test.java
@@ -0,0 +1,35 @@
+package com.example;
+
+import java.net.URL;
+import java.net.URLConnection;
+import java.io.InputStream;
+import java.security.KeyStore;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import android.content.res.Resources;
+
+class Test{
+    void init(Resources resources) throws Exception {
+        KeyStore keyStore = KeyStore.getInstance("BKS");
+        keyStore.load(resources.openRawResource(R.raw.cert), null);
+
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        tmf.init(keyStore);
+
+        SSLContext sslContext = SSLContext.getInstance("TLS");
+        sslContext.init(null, tmf.getTrustManagers(), null);
+
+        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
+    }
+
+    URLConnection test1() throws Exception {
+        URL url = new URL("http://www.example.com/");
+        return url.openConnection(); 
+    }
+
+    InputStream test2() throws Exception {
+        URL url = new URL("http://www.example.com/");
+        return url.openStream(); 
+    }
+}
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/options b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/options
new file mode 100644
index 00000000000..7d1644b057b
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/options
@@ -0,0 +1 @@
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/res/xml/NetworkSecurityConfig.xml b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/res/xml/NetworkSecurityConfig.xml
new file mode 100644
index 00000000000..3fd128a05a2
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/res/xml/NetworkSecurityConfig.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+
+</network-security-config>
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.expected b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.expected
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.ql
new file mode 100644
index 00000000000..22238774af5
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.ql
@@ -0,0 +1,23 @@
+import java
+import TestUtilities.InlineExpectationsTest
+import semmle.code.java.security.AndroidCertificatePinningQuery
+
+class Test extends InlineExpectationsTest {
+  Test() { this = "AndroidMissingCertificatePinningTest" }
+
+  override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
+
+  override predicate hasActualResult(Location loc, string el, string tag, string value) {
+    exists(DataFlow::Node node |
+      missingPinning(node) and
+      loc = node.getLocation() and
+      el = node.toString() and
+      value = "" and
+      (
+        if exists(string x | trustedDomain(x))
+        then tag = "hasUntrustedResult"
+        else tag = "hasNoTrustedResult"
+      )
+    )
+  }
+}

From 749ecab6b1035b5d1f25f1bb34ac690f2e6d61b1 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Fri, 25 Nov 2022 16:42:59 +0000
Subject: [PATCH 30/93] Add security severity

---
 .../src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql | 1 +
 1 file changed, 1 insertion(+)

diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
index 60328fac38e..ac36cad88e3 100644
--- a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
@@ -3,6 +3,7 @@
  * @description Network communication should use certificate pinning.
  * @kind problem
  * @problem.severity warning
+ * @security-severity 7.5
  * @precision medium
  * @id java/android/missing-certificate-pinning
  * @tags security

From ceb253e6d1055fce124afa781c6d0bb34c0c9187 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Wed, 30 Nov 2022 11:29:45 +0000
Subject: [PATCH 31/93] Add qhelp

---
 .../AndroidMissingCertificatePinning.qhelp    | 46 +++++++++++++++++++
 .../AndroidMissingCertificatePinning1.java    |  2 +
 .../AndroidMissingCertificatePinning2.xml     | 21 +++++++++
 .../AndroidMissingCertificatePinning3.java    | 26 +++++++++++
 4 files changed, 95 insertions(+)
 create mode 100644 java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp
 create mode 100644 java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java
 create mode 100644 java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning2.xml
 create mode 100644 java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning3.java

diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp
new file mode 100644
index 00000000000..dbadf7a6fb7
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp
@@ -0,0 +1,46 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+Certificate pinning is the practice of only trusting a specific set of SSL certificates, rather than those that the device trusts by default.
+In Android applications, it is reccomended to use certificate pinning when communicating over the network, 
+in order to minimize the risk of machine-in-the-middle attacks from a comprimised CA.
+</overview>
+
+<recommendation>
+<p>
+The easiest way to implement certificate pinning is to declare your pins in a <code>network-security-config</code> XML file. 
+This will automatically provide certificate pinning for any network connection made by the app.
+</p>
+<p>
+Another way to implement certificate pinning is to use the `CertificatePinner` from the `okhttp` library. 
+</p>
+<p>
+A final way to implement certificate pinning is to use a <code>TrustManager</code>, initialized from a <code>KeyStore</code> loaded with only the neccesary certificates.
+</p>
+
+</recommendation>
+
+<example>
+<p>
+In the first (bad) case below, a network call is performed with no certificate pinning implemented. 
+The other (good) cases demonstrate the different ways to implement certificate pinning. 
+</p>
+<sample src="AndroidMissingCertificatePinning1.java" />
+<sample src="AndroidMissingCertificatePinning2.xml" />
+<sample src="AndroidMissingCertificatePinning3.java" />
+</example>
+
+<references>
+  <li>
+    OWASP Mobile Security: <a href="https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05g-testing-network-communication#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4">Testing Custom Certificate Stores and Certificate Pinning (MSTG-NETWORK-4)</a>
+  </li>
+  <li>
+    Android Developers: <a href="https://developer.android.com/training/articles/security-config">Network security configuration</a>
+  </li>
+  <li>
+    OkHttp: <a href="https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/">CertificatePinner</a>
+  </li>
+</references>
+</qhelp>
diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java
new file mode 100644
index 00000000000..78d80ea882f
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java
@@ -0,0 +1,2 @@
+// BAD - By default, this network cal does not use certificate pinning
+URLConnection conn = new URL("https://example.com").openonnection();
\ No newline at end of file
diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning2.xml b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning2.xml
new file mode 100644
index 00000000000..dd656b97ba2
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning2.xml
@@ -0,0 +1,21 @@
+<!-- GOOD: Certificate pinning implemented via a Network Security Config file -->
+
+<!-- In AndroidManifest.xml -->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.example.app">
+
+    <application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
+        ...
+    </application>
+
+</manifest>
+
+<!-- In res/xml/NetworkSecurityConfig.xml -->
+<network-security-config>
+    <domain-config>
+        <domain>good.example.com</domain>
+        <pin-set expiration="2038/1/19">
+            <pin digest="SHA-256">...</pin>
+        </pin-set>
+    </domain-config>
+</network-security-config>
\ No newline at end of file
diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning3.java b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning3.java
new file mode 100644
index 00000000000..08327d7636e
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning3.java
@@ -0,0 +1,26 @@
+// GOOD: Certificate pinning implemented via okhttp3.CertificatePinner 
+CertificatePinner certificatePinner = new CertificatePinner.Builder()
+    .add("example.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
+    .build();
+OkHttpClient client = new OkHttpClient.Builder()
+    .certificatePinner(certificatePinner)
+    .build();
+
+client.newCall(new Request.Builder().url("https://example.com").build()).execute();
+
+
+
+// GOOD: Certificate pinning implemented vis a TrustManager
+KeyStore keyStore = KeyStore.getInstance("BKS");
+keyStore.load(resources.openRawResource(R.raw.cert), null);
+
+TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+tmf.init(keyStore);
+
+SSLContext sslContext = SSLContext.getInstance("TLS");
+sslContext.init(null, tmf.getTrustManagers(), null);
+
+URL url = new URL("http://www.example.com/");
+HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); 
+
+urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
\ No newline at end of file

From 603c1c1693c9d637c224707e7f6ed1aa90e1384c Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Wed, 30 Nov 2022 11:37:08 +0000
Subject: [PATCH 32/93] Add the domain used to the alert message

---
 .../security/AndroidCertificatePinningQuery.qll   | 15 ++++++++++++---
 .../CWE-295/AndroidMissingCertificatePinning.ql   | 10 +++++-----
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
index 9d8a7bc29b2..7c1a034363b 100644
--- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -128,12 +128,21 @@ private class UntrustedUrlConfig extends TaintTracking::Configuration {
 }
 
 /** Holds if `node` is a network communication call for which certificate pinning is not implemented. */
-predicate missingPinning(DataFlow::Node node) {
+predicate missingPinning(DataFlow::Node node, string domain) {
   isAndroid() and
   node instanceof MissingPinningSink and
   (
-    not exists(string s | trustedDomain(s))
+    not exists(string s | trustedDomain(s)) and
+    domain = ""
     or
-    exists(UntrustedUrlConfig conf | conf.hasFlow(_, node))
+    exists(UntrustedUrlConfig conf, DataFlow::Node src |
+      conf.hasFlow(src, node) and
+      domain = getDomain(src.asExpr())
+    )
   )
 }
+
+/** Gets the domain name from the given string literal */
+private string getDomain(CompileTimeConstantExpr expr) {
+  result = expr.getStringValue().regexpCapture("(https?://)?([^/]*)/?", 2)
+}
diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
index ac36cad88e3..829dec1de3b 100644
--- a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
@@ -13,10 +13,10 @@
 import java
 import semmle.code.java.security.AndroidCertificatePinningQuery
 
-from DataFlow::Node node, string msg
+from DataFlow::Node node, string domain, string msg
 where
-  missingPinning(node) and
-  if exists(string x | trustedDomain(x))
-  then msg = "(untrusted domain)"
-  else msg = "(no trusted domains)"
+  missingPinning(node, domain) and
+  if domain = ""
+  then msg = "(no explicitly trusted domains)"
+  else msg = "(" + domain + " is not trusted by a pin)"
 select node, "This network call does not implement certificate pinning. " + msg

From fae404300802a235c235295b7fa17168bed89aa5 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Wed, 30 Nov 2022 11:40:57 +0000
Subject: [PATCH 33/93] Add change note

---
 .../change-notes/2022-11-31-android-certificate-pinning.md    | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 java/ql/src/change-notes/2022-11-31-android-certificate-pinning.md

diff --git a/java/ql/src/change-notes/2022-11-31-android-certificate-pinning.md b/java/ql/src/change-notes/2022-11-31-android-certificate-pinning.md
new file mode 100644
index 00000000000..3ec8f19aa18
--- /dev/null
+++ b/java/ql/src/change-notes/2022-11-31-android-certificate-pinning.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query, `java/android/missing-certificate-pinning`, to find network calls where certificate pinning is not implemented.
\ No newline at end of file

From a14ebb7c039cfeda6d63fd1942ef9b446d910eca Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Wed, 30 Nov 2022 11:42:19 +0000
Subject: [PATCH 34/93] Fixes

---
 .../code/java/security/AndroidCertificatePinningQuery.qll       | 2 +-
 .../Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp | 2 ++
 ...ate-pinning.md => 2022-11-30-android-certificate-pinning.md} | 0
 .../CWE-295/AndroidMissingCertificatePinning/Test1/test.ql      | 2 +-
 .../CWE-295/AndroidMissingCertificatePinning/Test2/test.ql      | 2 +-
 .../CWE-295/AndroidMissingCertificatePinning/Test3/test.ql      | 2 +-
 .../CWE-295/AndroidMissingCertificatePinning/Test4/test.ql      | 2 +-
 .../CWE-295/AndroidMissingCertificatePinning/Test5/test.ql      | 2 +-
 8 files changed, 8 insertions(+), 6 deletions(-)
 rename java/ql/src/change-notes/{2022-11-31-android-certificate-pinning.md => 2022-11-30-android-certificate-pinning.md} (100%)

diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
index 7c1a034363b..c8cf09bd0e9 100644
--- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -144,5 +144,5 @@ predicate missingPinning(DataFlow::Node node, string domain) {
 
 /** Gets the domain name from the given string literal */
 private string getDomain(CompileTimeConstantExpr expr) {
-  result = expr.getStringValue().regexpCapture("(https?://)?([^/]*)/?", 2)
+  result = expr.getStringValue().regexpCapture("(https?://)?([^/]*)(/.*)?", 2)
 }
diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp
index dbadf7a6fb7..db97c98250e 100644
--- a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp
@@ -3,9 +3,11 @@
   "qhelp.dtd">
 <qhelp>
 <overview>
+<p>
 Certificate pinning is the practice of only trusting a specific set of SSL certificates, rather than those that the device trusts by default.
 In Android applications, it is reccomended to use certificate pinning when communicating over the network, 
 in order to minimize the risk of machine-in-the-middle attacks from a comprimised CA.
+</p>
 </overview>
 
 <recommendation>
diff --git a/java/ql/src/change-notes/2022-11-31-android-certificate-pinning.md b/java/ql/src/change-notes/2022-11-30-android-certificate-pinning.md
similarity index 100%
rename from java/ql/src/change-notes/2022-11-31-android-certificate-pinning.md
rename to java/ql/src/change-notes/2022-11-30-android-certificate-pinning.md
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.ql
index 22238774af5..6dc626a59e0 100644
--- a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.ql
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.ql
@@ -9,7 +9,7 @@ class Test extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location loc, string el, string tag, string value) {
     exists(DataFlow::Node node |
-      missingPinning(node) and
+      missingPinning(node, _) and
       loc = node.getLocation() and
       el = node.toString() and
       value = "" and
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/test.ql
index 22238774af5..6dc626a59e0 100644
--- a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/test.ql
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test2/test.ql
@@ -9,7 +9,7 @@ class Test extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location loc, string el, string tag, string value) {
     exists(DataFlow::Node node |
-      missingPinning(node) and
+      missingPinning(node, _) and
       loc = node.getLocation() and
       el = node.toString() and
       value = "" and
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/test.ql
index 22238774af5..6dc626a59e0 100644
--- a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/test.ql
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test3/test.ql
@@ -9,7 +9,7 @@ class Test extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location loc, string el, string tag, string value) {
     exists(DataFlow::Node node |
-      missingPinning(node) and
+      missingPinning(node, _) and
       loc = node.getLocation() and
       el = node.toString() and
       value = "" and
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.ql
index 22238774af5..6dc626a59e0 100644
--- a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.ql
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test4/test.ql
@@ -9,7 +9,7 @@ class Test extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location loc, string el, string tag, string value) {
     exists(DataFlow::Node node |
-      missingPinning(node) and
+      missingPinning(node, _) and
       loc = node.getLocation() and
       el = node.toString() and
       value = "" and
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.ql
index 22238774af5..6dc626a59e0 100644
--- a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.ql
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test5/test.ql
@@ -9,7 +9,7 @@ class Test extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location loc, string el, string tag, string value) {
     exists(DataFlow::Node node |
-      missingPinning(node) and
+      missingPinning(node, _) and
       loc = node.getLocation() and
       el = node.toString() and
       value = "" and

From 2be68b2f1d90cff45f70bb86024812c3480eca98 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Thu, 8 Dec 2022 15:12:14 +0000
Subject: [PATCH 35/93] Apply suggestions from code review

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
---
 .../AndroidCertificatePinningQuery.qll        | 37 ++++++++-----------
 1 file changed, 16 insertions(+), 21 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
index c8cf09bd0e9..53f8ef805ca 100644
--- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -3,6 +3,8 @@
 import java
 import semmle.code.xml.AndroidManifest
 import semmle.code.java.dataflow.TaintTracking
+import semmle.code.java.frameworks.Networking
+import semmle.code.java.security.Encryption
 import HttpsUrls
 
 /** An Android Network Security Configuration XML file. */
@@ -58,21 +60,17 @@ predicate trustedDomain(string domainName) {
  * `default` is true if the default SSL socket factory for all URLs is being set.
  */
 private predicate trustedSocketFactory(MethodAccess setSocketFactory, boolean default) {
-  exists(MethodAccess getSocketFactory, MethodAccess initSslContext, string methodName |
-    setSocketFactory
-        .getMethod()
-        .getASourceOverriddenMethod*()
-        .hasQualifiedName("javax.net.ssl", "HttpsURLConnection", methodName) and
-    (
-      default = true and methodName = "setDefaultSSLSocketFactory"
+   exists(MethodAccess getSocketFactory, MethodAccess initSslContext |
+    exists(Method m | setSocketFactory.getMethod().getASourceOverriddenMethod*() = m |
+      default = true and
+      m.getDeclaringType() instanceof HttpsUrlConnection and
+      m.hasName("setDefaultSSLSocketFactory")
       or
-      default = false and methodName = "setSSLSocketFactory"
+      default = false and m instanceof SetConnectionFactoryMethod
     ) and
-    initSslContext.getMethod().hasQualifiedName("javax.net.ssl", "SSLContext", "init") and
-    getSocketFactory
-        .getMethod()
-        .getASourceOverriddenMethod*()
-        .hasQualifiedName("javax.net.ssl", "SSLContext", "getSocketFactory") and
+    initSslContext.getMethod().getDeclaringType() instanceof SslContext and
+    initSslContext.getMethod().hasName("init") and
+    getSocketFactory.getMethod().getASourceOverriddenMethod*() instanceof GetSocketFactory and
     not initSslContext.getArgument(1) instanceof NullLiteral and
     DataFlow::localExprFlow(initSslContext.getQualifier(), getSocketFactory.getQualifier()) and
     DataFlow::localExprFlow(getSocketFactory, setSocketFactory.getArgument(0))
@@ -85,10 +83,7 @@ private predicate trustedSocketFactory(MethodAccess setSocketFactory, boolean de
  */
 private predicate trustedUrlConnection(Expr url) {
   exists(MethodAccess openCon |
-    openCon
-        .getMethod()
-        .getASourceOverriddenMethod*()
-        .hasQualifiedName("java.net", "URL", "openConnection") and
+    openCon.getMethod().getASourceOverriddenMethod*() instanceof UrlOpenConnectionMethod and
     url = openCon.getQualifier() and
     exists(MethodAccess setSocketFactory |
       trustedSocketFactory(setSocketFactory, false) and
@@ -97,10 +92,10 @@ private predicate trustedUrlConnection(Expr url) {
   )
   or
   trustedSocketFactory(_, true) and
-  exists(MethodAccess open |
-    open.getMethod()
-        .getASourceOverriddenMethod*()
-        .hasQualifiedName("java.net", "URL", ["openConnection", "openStream"]) and
+  exists(MethodAccess open, Method m |
+    m instanceof UrlOpenConnectionMethod or m instanceof UrlOpenStreamMethod
+  |
+    open.getMethod().getASourceOverriddenMethod*() = m and
     url = open.getQualifier()
   )
 }

From 0dea5daffe98c2ebdd6e2d92e4ff7f0a846fa773 Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Thu, 8 Dec 2022 15:19:50 +0000
Subject: [PATCH 36/93] Change import for consistency, fix some typos

---
 .../code/java/security/AndroidCertificatePinningQuery.qll | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
index 53f8ef805ca..fc57af95b98 100644
--- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -5,7 +5,7 @@ import semmle.code.xml.AndroidManifest
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.frameworks.Networking
 import semmle.code.java.security.Encryption
-import HttpsUrls
+import semmle.code.java.security.HttpsUrls
 
 /** An Android Network Security Configuration XML file. */
 class AndroidNetworkSecurityConfigFile extends XmlFile {
@@ -47,7 +47,7 @@ private predicate trustedDomainViaOkHttp(string domainName) {
   )
 }
 
-/** Holds if the given domain name is trusted by some certifiacte pinning implementation. */
+/** Holds if the given domain name is trusted by some certificate pinning implementation. */
 predicate trustedDomain(string domainName) {
   trustedDomainViaXml(domainName)
   or
@@ -56,11 +56,11 @@ predicate trustedDomain(string domainName) {
 
 /**
  * Holds if `setSocketFactory` is a call to `HttpsURLConnection.setSSLSocketFactory` or `HttpsURLConnection.setDefaultSSLSocketFactory`
- * that uses a socket factory derrived from a `TrustManager`.
+ * that uses a socket factory derived from a `TrustManager`.
  * `default` is true if the default SSL socket factory for all URLs is being set.
  */
 private predicate trustedSocketFactory(MethodAccess setSocketFactory, boolean default) {
-   exists(MethodAccess getSocketFactory, MethodAccess initSslContext |
+  exists(MethodAccess getSocketFactory, MethodAccess initSslContext |
     exists(Method m | setSocketFactory.getMethod().getASourceOverriddenMethod*() = m |
       default = true and
       m.getDeclaringType() instanceof HttpsUrlConnection and

From 8de5efb28fde92f24a757e7efc741f92c28ec20b Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Thu, 8 Dec 2022 15:24:32 +0000
Subject: [PATCH 37/93] Add SetDefaultConnectionFactoryMethod class

---
 .../code/java/security/AndroidCertificatePinningQuery.qll  | 6 ++----
 java/ql/lib/semmle/code/java/security/Encryption.qll       | 7 +++++++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
index fc57af95b98..19ab883efa2 100644
--- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -61,10 +61,8 @@ predicate trustedDomain(string domainName) {
  */
 private predicate trustedSocketFactory(MethodAccess setSocketFactory, boolean default) {
   exists(MethodAccess getSocketFactory, MethodAccess initSslContext |
-    exists(Method m | setSocketFactory.getMethod().getASourceOverriddenMethod*() = m |
-      default = true and
-      m.getDeclaringType() instanceof HttpsUrlConnection and
-      m.hasName("setDefaultSSLSocketFactory")
+    exists(Method m | setSocketFactory.getMethod() = m |
+      default = true and m instanceof SetDefaultConnectionFactoryMethod
       or
       default = false and m instanceof SetConnectionFactoryMethod
     ) and
diff --git a/java/ql/lib/semmle/code/java/security/Encryption.qll b/java/ql/lib/semmle/code/java/security/Encryption.qll
index 042018d3e34..fa1428e12cc 100644
--- a/java/ql/lib/semmle/code/java/security/Encryption.qll
+++ b/java/ql/lib/semmle/code/java/security/Encryption.qll
@@ -150,6 +150,13 @@ class SetConnectionFactoryMethod extends Method {
   }
 }
 
+class SetDefaultConnectionFactoryMethod extends Method {
+  SetDefaultConnectionFactoryMethod() {
+    this.hasName("setDefaultSSLSocketFactory") and
+    this.getDeclaringType().getAnAncestor() instanceof HttpsUrlConnection
+  }
+}
+
 class SetHostnameVerifierMethod extends Method {
   SetHostnameVerifierMethod() {
     this.hasName("setHostnameVerifier") and

From 12dc11aa1889176811441657ac01e891887de1db Mon Sep 17 00:00:00 2001
From: Joe Farebrother <joefarebrother@github.com>
Date: Fri, 9 Dec 2022 15:07:49 +0000
Subject: [PATCH 38/93] Add qldoc

---
 java/ql/lib/semmle/code/java/security/Encryption.qll | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/java/ql/lib/semmle/code/java/security/Encryption.qll b/java/ql/lib/semmle/code/java/security/Encryption.qll
index fa1428e12cc..a8c8f077884 100644
--- a/java/ql/lib/semmle/code/java/security/Encryption.qll
+++ b/java/ql/lib/semmle/code/java/security/Encryption.qll
@@ -143,6 +143,7 @@ class CreateSslEngineMethod extends Method {
   }
 }
 
+/** The `setConnectionFactory` method of the class `javax.net.ssl.HttpsURLConnection`. */
 class SetConnectionFactoryMethod extends Method {
   SetConnectionFactoryMethod() {
     this.hasName("setSSLSocketFactory") and
@@ -150,6 +151,7 @@ class SetConnectionFactoryMethod extends Method {
   }
 }
 
+/** The `setDefaultConnectionFactory` method of the class `javax.net.ssl.HttpsURLConnection`. */
 class SetDefaultConnectionFactoryMethod extends Method {
   SetDefaultConnectionFactoryMethod() {
     this.hasName("setDefaultSSLSocketFactory") and

From af08fe8659f651d7e0f8f0cd78b40cc30bc34f33 Mon Sep 17 00:00:00 2001
From: Chris Smowton <smowton@github.com>
Date: Sat, 10 Dec 2022 15:32:22 +0000
Subject: [PATCH 39/93] Add change note re: Kotlin version limit

---
 java/ql/src/change-notes/2022-12-10-kotlin-max-version.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 java/ql/src/change-notes/2022-12-10-kotlin-max-version.md

diff --git a/java/ql/src/change-notes/2022-12-10-kotlin-max-version.md b/java/ql/src/change-notes/2022-12-10-kotlin-max-version.md
new file mode 100644
index 00000000000..9c87671dd97
--- /dev/null
+++ b/java/ql/src/change-notes/2022-12-10-kotlin-max-version.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Kotlin extraction will now fail if the Kotlin version in use is at least 1.7.30. This is to ensure using an as-yet-unsupported version is noticable, rather than silently failing to extract Kotlin code and therefore producing false-negative results.

From 0b2fb4f70a221434560fedc5f519381b9ab7817e Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions@github.com>
Date: Sat, 10 Dec 2022 15:49:35 +0000
Subject: [PATCH 40/93] Release preparation for version 2.11.6

---
 cpp/ql/lib/CHANGELOG.md                                    | 4 ++++
 cpp/ql/lib/change-notes/released/0.4.6.md                  | 3 +++
 cpp/ql/lib/codeql-pack.release.yml                         | 2 +-
 cpp/ql/lib/qlpack.yml                                      | 2 +-
 cpp/ql/src/CHANGELOG.md                                    | 4 ++++
 cpp/ql/src/change-notes/released/0.4.6.md                  | 3 +++
 cpp/ql/src/codeql-pack.release.yml                         | 2 +-
 cpp/ql/src/qlpack.yml                                      | 2 +-
 csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md            | 4 ++++
 .../Solorigate/lib/change-notes/released/1.3.6.md          | 3 +++
 csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml | 2 +-
 csharp/ql/campaigns/Solorigate/lib/qlpack.yml              | 2 +-
 csharp/ql/campaigns/Solorigate/src/CHANGELOG.md            | 4 ++++
 .../Solorigate/src/change-notes/released/1.3.6.md          | 3 +++
 csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml | 2 +-
 csharp/ql/campaigns/Solorigate/src/qlpack.yml              | 2 +-
 csharp/ql/lib/CHANGELOG.md                                 | 4 ++++
 csharp/ql/lib/change-notes/released/0.4.6.md               | 3 +++
 csharp/ql/lib/codeql-pack.release.yml                      | 2 +-
 csharp/ql/lib/qlpack.yml                                   | 2 +-
 csharp/ql/src/CHANGELOG.md                                 | 4 ++++
 csharp/ql/src/change-notes/released/0.4.6.md               | 3 +++
 csharp/ql/src/codeql-pack.release.yml                      | 2 +-
 csharp/ql/src/qlpack.yml                                   | 2 +-
 go/ql/lib/CHANGELOG.md                                     | 4 ++++
 go/ql/lib/change-notes/released/0.3.6.md                   | 3 +++
 go/ql/lib/codeql-pack.release.yml                          | 2 +-
 go/ql/lib/qlpack.yml                                       | 2 +-
 go/ql/src/CHANGELOG.md                                     | 4 ++++
 go/ql/src/change-notes/released/0.3.6.md                   | 3 +++
 go/ql/src/codeql-pack.release.yml                          | 2 +-
 go/ql/src/qlpack.yml                                       | 2 +-
 java/ql/lib/CHANGELOG.md                                   | 4 ++++
 java/ql/lib/change-notes/released/0.4.6.md                 | 3 +++
 java/ql/lib/codeql-pack.release.yml                        | 2 +-
 java/ql/lib/qlpack.yml                                     | 2 +-
 java/ql/src/CHANGELOG.md                                   | 6 ++++++
 .../0.4.6.md}                                              | 7 ++++---
 java/ql/src/codeql-pack.release.yml                        | 2 +-
 java/ql/src/qlpack.yml                                     | 2 +-
 javascript/ql/lib/CHANGELOG.md                             | 4 ++++
 javascript/ql/lib/change-notes/released/0.3.6.md           | 3 +++
 javascript/ql/lib/codeql-pack.release.yml                  | 2 +-
 javascript/ql/lib/qlpack.yml                               | 2 +-
 javascript/ql/src/CHANGELOG.md                             | 4 ++++
 javascript/ql/src/change-notes/released/0.4.6.md           | 3 +++
 javascript/ql/src/codeql-pack.release.yml                  | 2 +-
 javascript/ql/src/qlpack.yml                               | 2 +-
 misc/suite-helpers/CHANGELOG.md                            | 4 ++++
 misc/suite-helpers/change-notes/released/0.3.6.md          | 3 +++
 misc/suite-helpers/codeql-pack.release.yml                 | 2 +-
 misc/suite-helpers/qlpack.yml                              | 2 +-
 python/ql/lib/CHANGELOG.md                                 | 4 ++++
 python/ql/lib/change-notes/released/0.6.6.md               | 3 +++
 python/ql/lib/codeql-pack.release.yml                      | 2 +-
 python/ql/lib/qlpack.yml                                   | 2 +-
 python/ql/src/CHANGELOG.md                                 | 4 ++++
 python/ql/src/change-notes/released/0.5.6.md               | 3 +++
 python/ql/src/codeql-pack.release.yml                      | 2 +-
 python/ql/src/qlpack.yml                                   | 2 +-
 ruby/ql/lib/CHANGELOG.md                                   | 4 ++++
 ruby/ql/lib/change-notes/released/0.4.6.md                 | 3 +++
 ruby/ql/lib/codeql-pack.release.yml                        | 2 +-
 ruby/ql/lib/qlpack.yml                                     | 2 +-
 ruby/ql/src/CHANGELOG.md                                   | 4 ++++
 ruby/ql/src/change-notes/released/0.4.6.md                 | 3 +++
 ruby/ql/src/codeql-pack.release.yml                        | 2 +-
 ruby/ql/src/qlpack.yml                                     | 2 +-
 shared/regex/CHANGELOG.md                                  | 4 ++++
 shared/regex/change-notes/released/0.0.3.md                | 3 +++
 shared/regex/codeql-pack.release.yml                       | 2 +-
 shared/regex/qlpack.yml                                    | 2 +-
 shared/ssa/CHANGELOG.md                                    | 4 ++++
 shared/ssa/change-notes/released/0.0.7.md                  | 3 +++
 shared/ssa/codeql-pack.release.yml                         | 2 +-
 shared/ssa/qlpack.yml                                      | 2 +-
 shared/typos/CHANGELOG.md                                  | 4 ++++
 shared/typos/change-notes/released/0.0.7.md                | 3 +++
 shared/typos/codeql-pack.release.yml                       | 2 +-
 shared/typos/qlpack.yml                                    | 2 +-
 80 files changed, 183 insertions(+), 43 deletions(-)
 create mode 100644 cpp/ql/lib/change-notes/released/0.4.6.md
 create mode 100644 cpp/ql/src/change-notes/released/0.4.6.md
 create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.6.md
 create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.6.md
 create mode 100644 csharp/ql/lib/change-notes/released/0.4.6.md
 create mode 100644 csharp/ql/src/change-notes/released/0.4.6.md
 create mode 100644 go/ql/lib/change-notes/released/0.3.6.md
 create mode 100644 go/ql/src/change-notes/released/0.3.6.md
 create mode 100644 java/ql/lib/change-notes/released/0.4.6.md
 rename java/ql/src/change-notes/{2022-12-10-kotlin-max-version.md => released/0.4.6.md} (85%)
 create mode 100644 javascript/ql/lib/change-notes/released/0.3.6.md
 create mode 100644 javascript/ql/src/change-notes/released/0.4.6.md
 create mode 100644 misc/suite-helpers/change-notes/released/0.3.6.md
 create mode 100644 python/ql/lib/change-notes/released/0.6.6.md
 create mode 100644 python/ql/src/change-notes/released/0.5.6.md
 create mode 100644 ruby/ql/lib/change-notes/released/0.4.6.md
 create mode 100644 ruby/ql/src/change-notes/released/0.4.6.md
 create mode 100644 shared/regex/change-notes/released/0.0.3.md
 create mode 100644 shared/ssa/change-notes/released/0.0.7.md
 create mode 100644 shared/typos/change-notes/released/0.0.7.md

diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md
index 132d1bf3537..6fa6f76aabd 100644
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.6
+
+No user-facing changes.
+
 ## 0.4.5
 
 No user-facing changes.
diff --git a/cpp/ql/lib/change-notes/released/0.4.6.md b/cpp/ql/lib/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/cpp/ql/lib/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
index 466cd01cf4e..2b842473675 100644
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.5
+lastReleaseVersion: 0.4.6
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index 585ab2170e5..80867fab833 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.4.6-dev
+version: 0.4.6
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
index c50e54bd80f..5cfd60bc84c 100644
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.6
+
+No user-facing changes.
+
 ## 0.4.5
 
 No user-facing changes.
diff --git a/cpp/ql/src/change-notes/released/0.4.6.md b/cpp/ql/src/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/cpp/ql/src/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index 466cd01cf4e..2b842473675 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.5
+lastReleaseVersion: 0.4.6
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index 75d3e65c592..4cc022a1590 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.4.6-dev
+version: 0.4.6
 groups: 
   - cpp
   - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index d34f03b0e37..8d5d8f7df35 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.3.6
+
+No user-facing changes.
+
 ## 1.3.5
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.6.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.6.md
new file mode 100644
index 00000000000..ce7baecf210
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.6.md
@@ -0,0 +1,3 @@
+## 1.3.6
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
index 1e1845ea66d..0a0b0986311 100644
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.5
+lastReleaseVersion: 1.3.6
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index d10c89a3f5c..119ce73e54f 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.3.6-dev
+version: 1.3.6
 groups:
     - csharp
     - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
index d34f03b0e37..8d5d8f7df35 100644
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.3.6
+
+No user-facing changes.
+
 ## 1.3.5
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.6.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.6.md
new file mode 100644
index 00000000000..ce7baecf210
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.6.md
@@ -0,0 +1,3 @@
+## 1.3.6
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
index 1e1845ea66d..0a0b0986311 100644
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.5
+lastReleaseVersion: 1.3.6
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index 98c95da4b03..cf800993043 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.3.6-dev
+version: 1.3.6
 groups:
     - csharp
     - solorigate
diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
index 438927d036b..0dbf4820b2a 100644
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.6
+
+No user-facing changes.
+
 ## 0.4.5
 
 No user-facing changes.
diff --git a/csharp/ql/lib/change-notes/released/0.4.6.md b/csharp/ql/lib/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/csharp/ql/lib/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
index 466cd01cf4e..2b842473675 100644
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.5
+lastReleaseVersion: 0.4.6
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index 05eb16f3750..20d1d7d6b74 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.4.6-dev
+version: 0.4.6
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
index 57d44189f70..8110355ef6a 100644
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.6
+
+No user-facing changes.
+
 ## 0.4.5
 
 No user-facing changes.
diff --git a/csharp/ql/src/change-notes/released/0.4.6.md b/csharp/ql/src/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/csharp/ql/src/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
index 466cd01cf4e..2b842473675 100644
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.5
+lastReleaseVersion: 0.4.6
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index f7da9740b21..35c8c90ebb4 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.4.6-dev
+version: 0.4.6
 groups: 
   - csharp
   - queries
diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
index a24d1c5919b..ba72eb8950a 100644
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.3.6
+
+No user-facing changes.
+
 ## 0.3.5
 
 No user-facing changes.
diff --git a/go/ql/lib/change-notes/released/0.3.6.md b/go/ql/lib/change-notes/released/0.3.6.md
new file mode 100644
index 00000000000..0c7a392e88f
--- /dev/null
+++ b/go/ql/lib/change-notes/released/0.3.6.md
@@ -0,0 +1,3 @@
+## 0.3.6
+
+No user-facing changes.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
index 468917f2543..7bbaa8987dd 100644
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.5
+lastReleaseVersion: 0.3.6
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index b9088307812..6ec12d0956d 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.3.6-dev
+version: 0.3.6
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
index 0ab2f98312a..aed077e28d9 100644
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.3.6
+
+No user-facing changes.
+
 ## 0.3.5
 
 No user-facing changes.
diff --git a/go/ql/src/change-notes/released/0.3.6.md b/go/ql/src/change-notes/released/0.3.6.md
new file mode 100644
index 00000000000..0c7a392e88f
--- /dev/null
+++ b/go/ql/src/change-notes/released/0.3.6.md
@@ -0,0 +1,3 @@
+## 0.3.6
+
+No user-facing changes.
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
index 468917f2543..7bbaa8987dd 100644
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.5
+lastReleaseVersion: 0.3.6
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index 7d586cfb931..c8e34582560 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.3.6-dev
+version: 0.3.6
 groups:
   - go
   - queries
diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
index 56dfcebfb1f..21b8949ce62 100644
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.6
+
+No user-facing changes.
+
 ## 0.4.5
 
 No user-facing changes.
diff --git a/java/ql/lib/change-notes/released/0.4.6.md b/java/ql/lib/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/java/ql/lib/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
index 466cd01cf4e..2b842473675 100644
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.5
+lastReleaseVersion: 0.4.6
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index f4040ca5619..b4fa6097149 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.4.6-dev
+version: 0.4.6
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
index 5de970b8981..7bab127cafc 100644
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.4.6
+
+### Minor Analysis Improvements
+
+* Kotlin extraction will now fail if the Kotlin version in use is at least 1.7.30. This is to ensure using an as-yet-unsupported version is noticable, rather than silently failing to extract Kotlin code and therefore producing false-negative results.
+
 ## 0.4.5
 
 No user-facing changes.
diff --git a/java/ql/src/change-notes/2022-12-10-kotlin-max-version.md b/java/ql/src/change-notes/released/0.4.6.md
similarity index 85%
rename from java/ql/src/change-notes/2022-12-10-kotlin-max-version.md
rename to java/ql/src/change-notes/released/0.4.6.md
index 9c87671dd97..ae160f06a20 100644
--- a/java/ql/src/change-notes/2022-12-10-kotlin-max-version.md
+++ b/java/ql/src/change-notes/released/0.4.6.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.4.6
+
+### Minor Analysis Improvements
+
 * Kotlin extraction will now fail if the Kotlin version in use is at least 1.7.30. This is to ensure using an as-yet-unsupported version is noticable, rather than silently failing to extract Kotlin code and therefore producing false-negative results.
diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml
index 466cd01cf4e..2b842473675 100644
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.5
+lastReleaseVersion: 0.4.6
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index 00070f5ccf2..b8abfe36e16 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.4.6-dev
+version: 0.4.6
 groups: 
   - java
   - queries
diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md
index 7c3e43e8a0a..b6dc74b4a65 100644
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.3.6
+
+No user-facing changes.
+
 ## 0.3.5
 
 No user-facing changes.
diff --git a/javascript/ql/lib/change-notes/released/0.3.6.md b/javascript/ql/lib/change-notes/released/0.3.6.md
new file mode 100644
index 00000000000..0c7a392e88f
--- /dev/null
+++ b/javascript/ql/lib/change-notes/released/0.3.6.md
@@ -0,0 +1,3 @@
+## 0.3.6
+
+No user-facing changes.
diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml
index 468917f2543..7bbaa8987dd 100644
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.5
+lastReleaseVersion: 0.3.6
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index 0eb9a36345a..4bbe50ae2ea 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.3.6-dev
+version: 0.3.6
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md
index e15a58fe74d..37e184e9490 100644
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.6
+
+No user-facing changes.
+
 ## 0.4.5
 
 No user-facing changes.
diff --git a/javascript/ql/src/change-notes/released/0.4.6.md b/javascript/ql/src/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/javascript/ql/src/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml
index 466cd01cf4e..2b842473675 100644
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.5
+lastReleaseVersion: 0.4.6
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index b297ae8268d..85dbe345a4a 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.4.6-dev
+version: 0.4.6
 groups: 
   - javascript
   - queries
diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md
index add84a5c77e..c7efd60a3c7 100644
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.3.6
+
+No user-facing changes.
+
 ## 0.3.5
 
 No user-facing changes.
diff --git a/misc/suite-helpers/change-notes/released/0.3.6.md b/misc/suite-helpers/change-notes/released/0.3.6.md
new file mode 100644
index 00000000000..0c7a392e88f
--- /dev/null
+++ b/misc/suite-helpers/change-notes/released/0.3.6.md
@@ -0,0 +1,3 @@
+## 0.3.6
+
+No user-facing changes.
diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml
index 468917f2543..7bbaa8987dd 100644
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.5
+lastReleaseVersion: 0.3.6
diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml
index 5272d0402e2..ff25ba041c8 100644
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,3 +1,3 @@
 name: codeql/suite-helpers
-version: 0.3.6-dev
+version: 0.3.6
 groups: shared
diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md
index 516f4e8307a..793438c4fb6 100644
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.6.6
+
+No user-facing changes.
+
 ## 0.6.5
 
 No user-facing changes.
diff --git a/python/ql/lib/change-notes/released/0.6.6.md b/python/ql/lib/change-notes/released/0.6.6.md
new file mode 100644
index 00000000000..ab10d897be1
--- /dev/null
+++ b/python/ql/lib/change-notes/released/0.6.6.md
@@ -0,0 +1,3 @@
+## 0.6.6
+
+No user-facing changes.
diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml
index 86780fb6148..f4cae0a77ad 100644
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.5
+lastReleaseVersion: 0.6.6
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index 237c3c5b0bb..3d999d1eeb6 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.6.6-dev
+version: 0.6.6
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md
index 1bd769949ae..e5d6103239d 100644
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.5.6
+
+No user-facing changes.
+
 ## 0.5.5
 
 No user-facing changes.
diff --git a/python/ql/src/change-notes/released/0.5.6.md b/python/ql/src/change-notes/released/0.5.6.md
new file mode 100644
index 00000000000..f717e01ed57
--- /dev/null
+++ b/python/ql/src/change-notes/released/0.5.6.md
@@ -0,0 +1,3 @@
+## 0.5.6
+
+No user-facing changes.
diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml
index 03e491f0899..361de279943 100644
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.5
+lastReleaseVersion: 0.5.6
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index f82723bb46a..9db8396f395 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.5.6-dev
+version: 0.5.6
 groups: 
   - python
   - queries
diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md
index 094859ea0dc..2e1a767da78 100644
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.6
+
+No user-facing changes.
+
 ## 0.4.5
 
 No user-facing changes.
diff --git a/ruby/ql/lib/change-notes/released/0.4.6.md b/ruby/ql/lib/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/ruby/ql/lib/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml
index 466cd01cf4e..2b842473675 100644
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.5
+lastReleaseVersion: 0.4.6
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index ee703754c4e..64951c49556 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.4.6-dev
+version: 0.4.6
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md
index 4cedef4f572..30c0bdbce56 100644
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.6
+
+No user-facing changes.
+
 ## 0.4.5
 
 No user-facing changes.
diff --git a/ruby/ql/src/change-notes/released/0.4.6.md b/ruby/ql/src/change-notes/released/0.4.6.md
new file mode 100644
index 00000000000..8e652998eca
--- /dev/null
+++ b/ruby/ql/src/change-notes/released/0.4.6.md
@@ -0,0 +1,3 @@
+## 0.4.6
+
+No user-facing changes.
diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml
index 466cd01cf4e..2b842473675 100644
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.5
+lastReleaseVersion: 0.4.6
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index ce73dffcf88..df7aa757652 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.4.6-dev
+version: 0.4.6
 groups: 
   - ruby
   - queries
diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md
index 88dc3212e64..4babb26821b 100644
--- a/shared/regex/CHANGELOG.md
+++ b/shared/regex/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.3
+
+No user-facing changes.
+
 ## 0.0.2
 
 No user-facing changes.
diff --git a/shared/regex/change-notes/released/0.0.3.md b/shared/regex/change-notes/released/0.0.3.md
new file mode 100644
index 00000000000..af7864fc7d5
--- /dev/null
+++ b/shared/regex/change-notes/released/0.0.3.md
@@ -0,0 +1,3 @@
+## 0.0.3
+
+No user-facing changes.
diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml
index 55dc06fbd76..a24b693d1e7 100644
--- a/shared/regex/codeql-pack.release.yml
+++ b/shared/regex/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.2
+lastReleaseVersion: 0.0.3
diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml
index cb2ff3557b8..a03b79a0778 100644
--- a/shared/regex/qlpack.yml
+++ b/shared/regex/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 0.0.3-dev
+version: 0.0.3
 groups: shared
 library: true
 dependencies:
diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md
index e76e9fa4268..3c81fd2e095 100644
--- a/shared/ssa/CHANGELOG.md
+++ b/shared/ssa/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.7
+
+No user-facing changes.
+
 ## 0.0.6
 
 No user-facing changes.
diff --git a/shared/ssa/change-notes/released/0.0.7.md b/shared/ssa/change-notes/released/0.0.7.md
new file mode 100644
index 00000000000..84da6f18c42
--- /dev/null
+++ b/shared/ssa/change-notes/released/0.0.7.md
@@ -0,0 +1,3 @@
+## 0.0.7
+
+No user-facing changes.
diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml
index cf398ce02aa..a2a5484910b 100644
--- a/shared/ssa/codeql-pack.release.yml
+++ b/shared/ssa/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.6
+lastReleaseVersion: 0.0.7
diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml
index 0946f820a92..0d4719584ce 100644
--- a/shared/ssa/qlpack.yml
+++ b/shared/ssa/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/ssa
-version: 0.0.7-dev
+version: 0.0.7
 groups: shared
 library: true
diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md
index 1d2195d28a7..f8ea7de20ff 100644
--- a/shared/typos/CHANGELOG.md
+++ b/shared/typos/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.7
+
+No user-facing changes.
+
 ## 0.0.6
 
 No user-facing changes.
diff --git a/shared/typos/change-notes/released/0.0.7.md b/shared/typos/change-notes/released/0.0.7.md
new file mode 100644
index 00000000000..84da6f18c42
--- /dev/null
+++ b/shared/typos/change-notes/released/0.0.7.md
@@ -0,0 +1,3 @@
+## 0.0.7
+
+No user-facing changes.
diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml
index cf398ce02aa..a2a5484910b 100644
--- a/shared/typos/codeql-pack.release.yml
+++ b/shared/typos/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.6
+lastReleaseVersion: 0.0.7
diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml
index 6bfd03987de..4ce79250a0d 100644
--- a/shared/typos/qlpack.yml
+++ b/shared/typos/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/typos
-version: 0.0.7-dev
+version: 0.0.7
 groups: shared
 library: true

From 343b7b1c8bea333c9f0ef24787c85e4777ce21a8 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions@github.com>
Date: Sun, 11 Dec 2022 18:15:04 +0000
Subject: [PATCH 41/93] Post-release preparation for codeql-cli-2.11.6

---
 cpp/ql/lib/qlpack.yml                         | 2 +-
 cpp/ql/src/qlpack.yml                         | 2 +-
 csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +-
 csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +-
 csharp/ql/lib/qlpack.yml                      | 2 +-
 csharp/ql/src/qlpack.yml                      | 2 +-
 go/ql/lib/qlpack.yml                          | 2 +-
 go/ql/src/qlpack.yml                          | 2 +-
 java/ql/lib/qlpack.yml                        | 2 +-
 java/ql/src/qlpack.yml                        | 2 +-
 javascript/ql/lib/qlpack.yml                  | 2 +-
 javascript/ql/src/qlpack.yml                  | 2 +-
 misc/suite-helpers/qlpack.yml                 | 2 +-
 python/ql/lib/qlpack.yml                      | 2 +-
 python/ql/src/qlpack.yml                      | 2 +-
 ruby/ql/lib/qlpack.yml                        | 2 +-
 ruby/ql/src/qlpack.yml                        | 2 +-
 shared/regex/qlpack.yml                       | 2 +-
 shared/ssa/qlpack.yml                         | 2 +-
 shared/typos/qlpack.yml                       | 2 +-
 20 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index 80867fab833..b5c7ec3bd7a 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.4.6
+version: 0.4.7-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index 4cc022a1590..603410f7946 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.4.6
+version: 0.4.7-dev
 groups: 
   - cpp
   - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index 119ce73e54f..e02e0a23130 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.3.6
+version: 1.3.7-dev
 groups:
     - csharp
     - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index cf800993043..06e38173f20 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.3.6
+version: 1.3.7-dev
 groups:
     - csharp
     - solorigate
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index 20d1d7d6b74..9ef9fd5b611 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.4.6
+version: 0.4.7-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index 35c8c90ebb4..875aa77fff2 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.4.6
+version: 0.4.7-dev
 groups: 
   - csharp
   - queries
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index 6ec12d0956d..0e39e54998a 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.3.6
+version: 0.3.7-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index c8e34582560..4427152eef6 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.3.6
+version: 0.3.7-dev
 groups:
   - go
   - queries
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index b4fa6097149..8bd73a555c8 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.4.6
+version: 0.4.7-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index b8abfe36e16..032ff0b0d16 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.4.6
+version: 0.4.7-dev
 groups: 
   - java
   - queries
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index 4bbe50ae2ea..a3afa629da8 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.3.6
+version: 0.3.7-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index 85dbe345a4a..25854a00154 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.4.6
+version: 0.4.7-dev
 groups: 
   - javascript
   - queries
diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml
index ff25ba041c8..68b88ed9a9e 100644
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,3 +1,3 @@
 name: codeql/suite-helpers
-version: 0.3.6
+version: 0.3.7-dev
 groups: shared
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index 3d999d1eeb6..b96adba40f0 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.6.6
+version: 0.6.7-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index 9db8396f395..cb7193ce215 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.5.6
+version: 0.5.7-dev
 groups: 
   - python
   - queries
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index 64951c49556..449b7e28aec 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.4.6
+version: 0.4.7-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index df7aa757652..4ab00a5bd38 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.4.6
+version: 0.4.7-dev
 groups: 
   - ruby
   - queries
diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml
index a03b79a0778..6ce99fb48b6 100644
--- a/shared/regex/qlpack.yml
+++ b/shared/regex/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 0.0.3
+version: 0.0.4-dev
 groups: shared
 library: true
 dependencies:
diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml
index 0d4719584ce..6abc7e0643b 100644
--- a/shared/ssa/qlpack.yml
+++ b/shared/ssa/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/ssa
-version: 0.0.7
+version: 0.0.8-dev
 groups: shared
 library: true
diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml
index 4ce79250a0d..ac9084e7c06 100644
--- a/shared/typos/qlpack.yml
+++ b/shared/typos/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/typos
-version: 0.0.7
+version: 0.0.8-dev
 groups: shared
 library: true

From 7526c35c6091c417e9edbcfb975afb0b64b215c2 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Mon, 12 Dec 2022 16:23:26 +0100
Subject: [PATCH 42/93] speedup the "ATM - Check query suite" CI job

---
 .github/workflows/atm-check-query-suite.yml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/atm-check-query-suite.yml b/.github/workflows/atm-check-query-suite.yml
index 7317746fe62..06e38bc7641 100644
--- a/.github/workflows/atm-check-query-suite.yml
+++ b/.github/workflows/atm-check-query-suite.yml
@@ -13,7 +13,7 @@ on:
 
 jobs:
   atm-check-query-suite:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-xl
 
     steps:
       - uses: actions/checkout@v3
@@ -23,6 +23,12 @@ jobs:
         with:
           channel: release
 
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with: 
+          key: atm-suite
+
       - name: Install ATM model
         run: |
           set -exu
@@ -54,6 +60,7 @@ jobs:
             --output "${SARIF_PATH}" \
             --sarif-group-rules-by-pack \
             -vv \
+            --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \
             -- \
             "${DB_PATH}" \
             "${QUERY_PACK}/${QUERY_SUITE}"

From f554e1fef16dd296252308ebca6c64288eca5d93 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Mon, 12 Dec 2022 16:27:32 +0100
Subject: [PATCH 43/93] more threads

---
 .github/workflows/atm-check-query-suite.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/atm-check-query-suite.yml b/.github/workflows/atm-check-query-suite.yml
index 06e38bc7641..454093b9051 100644
--- a/.github/workflows/atm-check-query-suite.yml
+++ b/.github/workflows/atm-check-query-suite.yml
@@ -56,6 +56,7 @@ jobs:
           echo "SARIF_PATH=${SARIF_PATH}" >> "${GITHUB_ENV}"
 
           codeql database analyze \
+            --threads=0 \
             --format sarif-latest \
             --output "${SARIF_PATH}" \
             --sarif-group-rules-by-pack \

From a1564de126ca81f42f378a7c40d00703b7c3adf9 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Mon, 12 Dec 2022 16:35:01 +0100
Subject: [PATCH 44/93] more ram

---
 .github/workflows/atm-check-query-suite.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/atm-check-query-suite.yml b/.github/workflows/atm-check-query-suite.yml
index 454093b9051..ed93a6f8f2f 100644
--- a/.github/workflows/atm-check-query-suite.yml
+++ b/.github/workflows/atm-check-query-suite.yml
@@ -57,6 +57,7 @@ jobs:
 
           codeql database analyze \
             --threads=0 \
+            --ram 50000 \
             --format sarif-latest \
             --output "${SARIF_PATH}" \
             --sarif-group-rules-by-pack \

From dd86f7a69696c4df4b962ae03f2b23922aec29e9 Mon Sep 17 00:00:00 2001
From: Chris Smowton <smowton@github.com>
Date: Mon, 12 Dec 2022 18:33:22 +0000
Subject: [PATCH 45/93] Kotlin: Revert type erasure within $default functions

This imprecise implementation turned out to cause linkage errors, e.g. when type variables in the signatures of member methods were inappropriately erased. For the time being we accept that $default methods despite having erased signatures in keeping with their JVM representation can contain expressions whose types make reference to their
surrounding function or class' type variables, even though they should be out of scope since $default methods are static and don't have type parameters, and need to cope with the inconsistency in QL.
---
 .../src/main/kotlin/KotlinFileExtractor.kt    |  2 --
 .../src/main/kotlin/KotlinUsesExtractor.kt    | 32 +++++------------
 .../parameter-defaults/PrintAst.expected      |  4 +--
 .../parameter-defaults/erasure.expected       | 36 +++++++++++++++++++
 .../parameter-defaults/erasure.ql             |  2 ++
 5 files changed, 48 insertions(+), 28 deletions(-)

diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt
index faa83139bbb..cce26ed2380 100644
--- a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt
+++ b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt
@@ -1194,8 +1194,6 @@ open class KotlinFileExtractor(
             // n + o'th parameter, where `o` is the parameter offset caused by adding any dispatch receiver to the parameter list.
             // Note we don't need to add the extension receiver here because `useValueParameter` always assumes an extension receiver
             // will be prepended if one exists.
-            // Note we have to get the real function ID here before entering this block, because otherwise we'll misrepresent the signature of a generic
-            // function without its type variables -- for example, trying to address `f(T, List<T>)` as `f(Object, List)`.
             val realFunctionId = useFunction<DbCallable>(f)
             DeclarationStackAdjuster(f, OverriddenFunctionAttributes(id, id, locId, nonSyntheticParams, typeParameters = listOf(), isStatic = true)).use {
                 val realParamsVarId = getValueParameterLabel(id, parameterTypes.size - 2)
diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt
index cc335d3f8cb..fe55fdba256 100644
--- a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt
+++ b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt
@@ -643,26 +643,6 @@ open class KotlinUsesExtractor(
         RETURN, GENERIC_ARGUMENT, OTHER
     }
 
-    private fun isOnDeclarationStackWithoutTypeParameters(f: IrFunction) =
-        this is KotlinFileExtractor && this.declarationStack.findOverriddenAttributes(f)?.typeParameters?.isEmpty() == true
-
-    private fun isStaticFunctionOnStackBeforeClass(c: IrClass) =
-        this is KotlinFileExtractor && (this.declarationStack.findFirst { it.first == c || it.second?.isStatic == true })?.second?.isStatic == true
-
-    private fun isUnavailableTypeParameter(t: IrType) =
-        t is IrSimpleType && t.classifier.owner.let { owner ->
-            owner is IrTypeParameter && owner.parent.let { parent ->
-                when (parent) {
-                    is IrFunction -> isOnDeclarationStackWithoutTypeParameters(parent)
-                    is IrClass -> isStaticFunctionOnStackBeforeClass(parent)
-                    else -> false
-                }
-            }
-        }
-
-    private fun argIsUnavailableTypeParameter(t: IrTypeArgument) =
-        t is IrTypeProjection && isUnavailableTypeParameter(t.type)
-
     private fun useSimpleType(s: IrSimpleType, context: TypeContext): TypeResults {
         if (s.abbreviation != null) {
             // TODO: Extract this information
@@ -735,13 +715,11 @@ open class KotlinUsesExtractor(
             }
 
             owner is IrClass -> {
-                val args = if (s.isRawType() || s.arguments.any { argIsUnavailableTypeParameter(it) }) null else s.arguments
+                val args = if (s.isRawType()) null else s.arguments
 
                 return useSimpleTypeClass(owner, args, s.isNullable())
             }
             owner is IrTypeParameter -> {
-                if (isUnavailableTypeParameter(s))
-                    return useType(erase(s), context)
                 val javaResult = useTypeParameter(owner)
                 val aClassId = makeClass("kotlin", "TypeParam") // TODO: Wrong
                 val kotlinResult = if (true) TypeResult(fakeKotlinType(), "TODO", "TODO") else
@@ -1474,7 +1452,13 @@ open class KotlinUsesExtractor(
         param.parent.let {
             (it as? IrFunction)?.let { fn ->
                 if (this is KotlinFileExtractor)
-                    this.declarationStack.findOverriddenAttributes(fn)?.id
+                    this.declarationStack.findOverriddenAttributes(fn)?.takeUnless {
+                        // When extracting the `static fun f$default(...)` that accompanies `fun <T> f(val x: T? = defaultExpr, ...)`,
+                        // `f$default` has no type parameters, and so there is no `f$default::T` to refer to.
+                        // We have no good way to extract references to `T` in `defaultExpr`, so we just fall back on describing it
+                        // in terms of `f::T`, even though that type variable ought to be out of scope here.
+                        attribs -> attribs.typeParameters?.isEmpty() == true
+                    }?.id
                 else
                     null
             } ?:
diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected b/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected
index 13bd441dfcd..dcce5baa1da 100644
--- a/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected
+++ b/java/ql/test/kotlin/library-tests/parameter-defaults/PrintAst.expected
@@ -1337,7 +1337,7 @@ test.kt:
 #  145|             0: [AssignExpr] ...=...
 #  145|               0: [VarAccess] p4
 #  145|               1: [MethodAccess] listOf(...)
-#  145|                 -2: [TypeAccess] Object
+#  145|                 -2: [TypeAccess] T
 #  145|                 -1: [TypeAccess] CollectionsKt
 #  145|                 0: [VarAccess] p2
 #  145|         3: [IfStmt] if (...)
@@ -1360,7 +1360,7 @@ test.kt:
 #  145|             0: [AssignExpr] ...=...
 #  145|               0: [VarAccess] p6
 #  145|               1: [MethodAccess] listOf(...)
-#  145|                 -2: [TypeAccess] Object
+#  145|                 -2: [TypeAccess] S
 #  145|                 -1: [TypeAccess] CollectionsKt
 #  145|                 0: [VarAccess] p1
 #  145|         5: [ReturnStmt] return ...
diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.expected b/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.expected
index e69de29bb2d..e6ed6dd1432 100644
--- a/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.expected
+++ b/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.expected
@@ -0,0 +1,36 @@
+| test.kt:124:3:126:3 | ...=... | test.kt:122:19:122:19 | T |
+| test.kt:124:3:126:3 | ...=... | test.kt:122:19:122:19 | T |
+| test.kt:124:3:126:3 | p1 | test.kt:122:19:122:19 | T |
+| test.kt:124:3:126:3 | p2 | test.kt:122:19:122:19 | T |
+| test.kt:124:3:126:3 | p2 | test.kt:122:19:122:19 | T |
+| test.kt:124:3:126:3 | p3 | test.kt:122:19:122:19 | T |
+| test.kt:124:3:126:3 | p3 | test.kt:122:19:122:19 | T |
+| test.kt:124:22:124:22 | p1 | test.kt:122:19:122:19 | T |
+| test.kt:135:3:135:43 | ...=... | test.kt:122:19:122:19 | T |
+| test.kt:135:3:135:43 | p1 | test.kt:122:19:122:19 | T |
+| test.kt:135:3:135:43 | p2 | test.kt:122:19:122:19 | T |
+| test.kt:135:3:135:43 | p2 | test.kt:122:19:122:19 | T |
+| test.kt:135:3:135:43 | testReturn(...) | test.kt:122:19:122:19 | T |
+| test.kt:145:3:147:3 | ...=... | file:///modules/java.base/java/util/List.class:0:0:0:0 | List<S> |
+| test.kt:145:3:147:3 | ...=... | file:///modules/java.base/java/util/List.class:0:0:0:0 | List<T> |
+| test.kt:145:3:147:3 | ...=... | test.kt:143:27:143:27 | T |
+| test.kt:145:3:147:3 | ...=... | test.kt:143:27:143:27 | T |
+| test.kt:145:3:147:3 | ...=... | test.kt:145:8:145:12 | S |
+| test.kt:145:3:147:3 | p1 | test.kt:145:8:145:12 | S |
+| test.kt:145:3:147:3 | p2 | test.kt:143:27:143:27 | T |
+| test.kt:145:3:147:3 | p2 | test.kt:143:27:143:27 | T |
+| test.kt:145:3:147:3 | p3 | test.kt:143:27:143:27 | T |
+| test.kt:145:3:147:3 | p3 | test.kt:143:27:143:27 | T |
+| test.kt:145:3:147:3 | p4 | file:///modules/java.base/java/util/List.class:0:0:0:0 | List<T> |
+| test.kt:145:3:147:3 | p4 | file:///modules/java.base/java/util/List.class:0:0:0:0 | List<T> |
+| test.kt:145:3:147:3 | p5 | test.kt:145:8:145:12 | S |
+| test.kt:145:3:147:3 | p5 | test.kt:145:8:145:12 | S |
+| test.kt:145:3:147:3 | p6 | file:///modules/java.base/java/util/List.class:0:0:0:0 | List<S> |
+| test.kt:145:3:147:3 | p6 | file:///modules/java.base/java/util/List.class:0:0:0:0 | List<S> |
+| test.kt:145:30:145:30 | p1 | test.kt:145:8:145:12 | S |
+| test.kt:145:66:145:74 | T | test.kt:143:27:143:27 | T |
+| test.kt:145:66:145:74 | listOf(...) | file:///modules/java.base/java/util/List.class:0:0:0:0 | List<T> |
+| test.kt:145:73:145:73 | p2 | test.kt:143:27:143:27 | T |
+| test.kt:145:111:145:119 | S | test.kt:145:8:145:12 | S |
+| test.kt:145:111:145:119 | listOf(...) | file:///modules/java.base/java/util/List.class:0:0:0:0 | List<S> |
+| test.kt:145:118:145:118 | p1 | test.kt:145:8:145:12 | S |
diff --git a/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.ql b/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.ql
index 9bb2ad44c15..9818700479e 100644
--- a/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.ql
+++ b/java/ql/test/kotlin/library-tests/parameter-defaults/erasure.ql
@@ -5,6 +5,8 @@ class InstantiatedType extends ParameterizedType {
 }
 
 // This checks that all type parameter references are erased in the context of a $default function.
+// Note this is currently expected to fail since for the time being we extract type variable references
+// even where they should be out of scope.
 predicate containsTypeVariables(Type t) {
   t instanceof TypeVariable or
   containsTypeVariables(t.(InstantiatedType).getATypeArgument()) or

From e0045d27363f1ec63ddc5b55763624d8ec927bee Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Mon, 12 Dec 2022 21:44:24 +0100
Subject: [PATCH 46/93] filter out string literals from the taint-sink meta
 query

---
 ruby/ql/src/queries/meta/internal/TaintMetrics.qll | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ruby/ql/src/queries/meta/internal/TaintMetrics.qll b/ruby/ql/src/queries/meta/internal/TaintMetrics.qll
index 19d26103cb9..7768828caf6 100644
--- a/ruby/ql/src/queries/meta/internal/TaintMetrics.qll
+++ b/ruby/ql/src/queries/meta/internal/TaintMetrics.qll
@@ -1,5 +1,5 @@
+private import ruby
 private import codeql.files.FileSystem
-private import codeql.ruby.DataFlow
 private import codeql.ruby.dataflow.RemoteFlowSources
 private import codeql.ruby.security.CodeInjectionCustomizations
 private import codeql.ruby.security.CommandInjectionCustomizations
@@ -34,6 +34,12 @@ DataFlow::Node relevantTaintSink(string kind) {
     kind = "UnsafeDeserialization" and result instanceof UnsafeDeserialization::Sink
     or
     kind = "UrlRedirect" and result instanceof UrlRedirect::Sink
+  ) and
+  // the sink is not a string literal
+  not exists(Ast::StringLiteral str |
+    str = result.asExpr().getExpr() and
+    // ensure there is no interpolation, as that is not a literal
+    not str.getComponent(_) instanceof Ast::StringInterpolationComponent
   )
 }
 

From 406a12e7978fadee85e1f8a8ec69d6b82c8905bb Mon Sep 17 00:00:00 2001
From: Chris Smowton <smowton@github.com>
Date: Tue, 13 Dec 2022 09:34:36 +0000
Subject: [PATCH 47/93] Remove unused function DeclarationStack.findFirst

---
 java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt
index cce26ed2380..5990fb3389d 100644
--- a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt
+++ b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt
@@ -5794,9 +5794,6 @@ open class KotlinFileExtractor(
 
         fun findOverriddenAttributes(f: IrFunction) =
             stack.lastOrNull { it.first == f } ?.second
-
-        fun findFirst(f: (Pair<IrDeclaration, OverriddenFunctionAttributes?>) -> Boolean) =
-            stack.findLast(f)
     }
 
     data class OverriddenFunctionAttributes(

From a2c886d3679023e9066a18288f09e738fca3d4c0 Mon Sep 17 00:00:00 2001
From: Edward Minnix III <egregius313@github.com>
Date: Tue, 13 Dec 2022 11:57:46 -0500
Subject: [PATCH 48/93] Grammar and wording changes from docs review

Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
---
 .../AndroidWebViewAddJavascriptInterface.qhelp     | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.qhelp b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.qhelp
index 5cadc31d810..7917a96839d 100644
--- a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.qhelp
+++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.qhelp
@@ -4,27 +4,27 @@
 <qhelp>
   <overview>
     <p>
-      The <code>addJavascriptInterface</code> method of
+      Calling the <code>addJavascriptInterface</code> method of
       the <code>android.webkit.WebView</code> class allows the web pages of a
-      WebView to access methods of a Java object via JavaScript.
+      WebView to access a Java object's methods via JavaScript.
     </p>
 
     <p>
-      Objects exposed to Javascript are available in all frames of the
+      Objects exposed to JavaScript are available in all frames of the
       WebView.
     </p>
   </overview>
 
   <recommendation>
     <p>
-      If you need to expose Java objects with Javascript, you should guarantee
-      that no untrusted third party content is loaded into the WebView.
+      If you need to expose Java objects to JavaScript, guarantee that no
+      untrusted third-party content is loaded into the WebView.
     </p>
   </recommendation>
 
   <example>
     <p>
-      In the following (bad) example, a Java object is exposed to Javascript.
+      In the following (bad) example, a Java object is exposed to JavaScript.
     </p>
 
     <sample src="AndroidWebViewAddJavascriptInterfaceExample.java"/>
@@ -33,7 +33,7 @@
 
   <references>
     <li>
-      Android Documentation<a href="https://developer.android.com/reference/android/webkit/WebView#addJavascriptInterface(java.lang.Object">addJavascriptInterface</a>
+      Android Documentation: <a href="https://developer.android.com/reference/android/webkit/WebView#addJavascriptInterface(java.lang.Object,%20java.lang.String)">addJavascriptInterface</a>
     </li>
   </references>
 

From a3933fbf4fa8c1ae49a246f16c1b63812b004c30 Mon Sep 17 00:00:00 2001
From: Henry Mercer <henrymercer@github.com>
Date: Tue, 13 Dec 2022 18:59:24 +0000
Subject: [PATCH 49/93] Bump minor versions of packs we regularly release

---
 cpp/ql/lib/qlpack.yml                         | 2 +-
 cpp/ql/src/qlpack.yml                         | 2 +-
 csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +-
 csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +-
 csharp/ql/lib/qlpack.yml                      | 2 +-
 csharp/ql/src/qlpack.yml                      | 2 +-
 go/ql/lib/qlpack.yml                          | 2 +-
 go/ql/src/qlpack.yml                          | 2 +-
 java/ql/lib/qlpack.yml                        | 2 +-
 java/ql/src/qlpack.yml                        | 2 +-
 javascript/ql/lib/qlpack.yml                  | 2 +-
 javascript/ql/src/qlpack.yml                  | 2 +-
 misc/suite-helpers/qlpack.yml                 | 2 +-
 python/ql/lib/qlpack.yml                      | 2 +-
 python/ql/src/qlpack.yml                      | 2 +-
 ruby/ql/lib/qlpack.yml                        | 3 +--
 ruby/ql/src/qlpack.yml                        | 2 +-
 17 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index b5c7ec3bd7a..ee8913624dc 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.4.7-dev
+version: 0.5.0-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index 603410f7946..b8b2f8a31ca 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.4.7-dev
+version: 0.5.0-dev
 groups: 
   - cpp
   - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index e02e0a23130..3db26da98de 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.3.7-dev
+version: 1.4.0-dev
 groups:
     - csharp
     - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index 06e38173f20..9d3c5a80b02 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.3.7-dev
+version: 1.4.0-dev
 groups:
     - csharp
     - solorigate
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index 9ef9fd5b611..75d3cd21610 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.4.7-dev
+version: 0.5.0-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index 875aa77fff2..926a272097e 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.4.7-dev
+version: 0.5.0-dev
 groups: 
   - csharp
   - queries
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index 0e39e54998a..a3b398f3a0b 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.3.7-dev
+version: 0.4.0-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index 4427152eef6..88d4e107152 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.3.7-dev
+version: 0.4.0-dev
 groups:
   - go
   - queries
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index feb377ca9ff..9eb1924a3d3 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.4.7-dev
+version: 0.5.0-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index 032ff0b0d16..9017221edc3 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.4.7-dev
+version: 0.5.0-dev
 groups: 
   - java
   - queries
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index 2d9cc82e7b2..f506e391d72 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.3.7-dev
+version: 0.4.0-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index 25854a00154..e22b3c4b5f1 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.4.7-dev
+version: 0.5.0-dev
 groups: 
   - javascript
   - queries
diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml
index 68b88ed9a9e..5ecfc312c46 100644
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,3 +1,3 @@
 name: codeql/suite-helpers
-version: 0.3.7-dev
+version: 0.4.0-dev
 groups: shared
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index 6ba0baa9fc2..7da58edd333 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.6.7-dev
+version: 0.7.0-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index cb7193ce215..0bcf45523e7 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.5.7-dev
+version: 0.6.0-dev
 groups: 
   - python
   - queries
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index 004e41ae9c2..153afd88563 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.4.7-dev
+version: 0.5.0-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
@@ -8,6 +8,5 @@ library: true
 dependencies:
   codeql/ssa: ${workspace}
   codeql/regex: ${workspace}
-  codeql/ssa: 0.0.1
 dataExtensions:
   - codeql/ruby/frameworks/**/model.yml
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index 4ab00a5bd38..85a6b678753 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.4.7-dev
+version: 0.5.0-dev
 groups: 
   - ruby
   - queries

From 40c759e61a40354a4fd63ff33153057fc93cd66b Mon Sep 17 00:00:00 2001
From: Edward Minnix III <egregius313@github.com>
Date: Tue, 13 Dec 2022 16:14:28 -0500
Subject: [PATCH 50/93] Add @name property

Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
---
 .../Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql | 1 +
 1 file changed, 1 insertion(+)

diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
index d481de249ca..4be7a15daa8 100644
--- a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
+++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
@@ -1,4 +1,5 @@
 /**
+ * @name Access Java object methods through JavaScript exposure
  * @id java/android-webview-addjavascriptinterface
  * @description Exposing a Javascript interface to a Java object in a WebView can lead to malicious JavaScript controlling the application.
  * @kind problem

From 72484b9483ce3f457134955c636f2426d5c26c65 Mon Sep 17 00:00:00 2001
From: Ed Minnix <egregius313@github.com>
Date: Wed, 14 Dec 2022 16:15:41 -0500
Subject: [PATCH 51/93] Change wording of addJavascriptInterface query
 description

---
 .../CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
index 4be7a15daa8..1b6412138b1 100644
--- a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
+++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
@@ -1,7 +1,7 @@
 /**
  * @name Access Java object methods through JavaScript exposure
  * @id java/android-webview-addjavascriptinterface
- * @description Exposing a Javascript interface to a Java object in a WebView can lead to malicious JavaScript controlling the application.
+ * @description Exposing a Java object in a WebView with a JavaScript interface can lead to malicious JavaScript controlling the application.
  * @kind problem
  * @problem.severity warning
  * @security-severity 6.1

From 904a4bd48b6648e236a23416d2304cb0e53c24a2 Mon Sep 17 00:00:00 2001
From: Jean Helie <jhelie@github.com>
Date: Fri, 16 Dec 2022 13:52:58 +0100
Subject: [PATCH 52/93] fix script updating endpoint_large_scale test data

---
 .../test/endpoint_large_scale/README.md       |  9 ++++
 .../test/update_endpoint_test_files.py        | 45 ++++++++++---------
 2 files changed, 33 insertions(+), 21 deletions(-)
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/README.md

diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/README.md b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/README.md
new file mode 100644
index 00000000000..769dfa6fd27
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/README.md
@@ -0,0 +1,9 @@
+# autogenerated folder
+
+This folder contains test data for the ATM endpoint CodeQL tests that has been autogenerated from the standard JS CodeQL libraries.
+
+It is helpful, but not required, to periodically update this test data to incorporate new test data introduced in the standard JS CodeQL libraries.
+
+To update this test data, run `python /path/to/codeql-lib/ql/javascript/test/update_endpoint_test_files.py`.
+
+For more information view the source code of [`update_endpoint_test_files.py`](../../update_endpoint_test_files.py).
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py b/javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py
index 9dc18530bee..131e4f8f93f 100755
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py
@@ -2,10 +2,17 @@
 
 # This script updates the JavaScript test data used by the endpoint CodeQL tests.
 
-import glob
+import git
 import logging
-import os
 import shutil
+from pathlib import Path
+
+# Get relevant paths
+script_path = Path(__file__).absolute()
+git_repo = git.Repo(__file__, search_parent_directories=True)
+git_root = Path(git_repo.git.rev_parse('--show-toplevel'))
+autogenerated_dest_path = script_path.parent.joinpath('endpoint_large_scale',
+                                                      'autogenerated')
 
 # File extensions that should be copied to the endpoint tests. This should include source code files
 # e.g. .js, but not the tests themselves e.g. .expected, .ql, .qlref, etc.
@@ -15,35 +22,31 @@ file_extensions_to_copy = ['.js', '.ts']
 # path of that test relative to a checkout of github/codeql.
 test_root_relative_paths = {
     'NosqlAndSqlInjection': 'javascript/ql/test/query-tests/Security/CWE-089',
-    'TaintedPath': 'javascript/ql/test/query-tests/Security/CWE-022/TaintedPath',
+    'TaintedPath':
+    'javascript/ql/test/query-tests/Security/CWE-022/TaintedPath',
     'Xss': 'javascript/ql/test/query-tests/Security/CWE-079',
+    'XssThroughDom': 'javascript/ql/test/query-tests/Security/CWE-116'
 }
-# The path of the endpoint tests, relative to a checkout of github/codeql
-test_path = 'javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale'
 
 logging.basicConfig(level=logging.INFO)
 
-codeql_lib_path = os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(__file__)))))
-
-autogenerated_dest_path = os.path.join(codeql_lib_path, test_path, 'autogenerated')
-if os.path.exists(autogenerated_dest_path):
+if autogenerated_dest_path.exists():
     logging.info(f'Deleting existing autogenerated test files...')
     shutil.rmtree(autogenerated_dest_path)
 
 for key, rel_path in test_root_relative_paths.items():
-    test_files_path = os.path.join(codeql_lib_path, rel_path)
+    test_files_path = git_root.joinpath(rel_path)
     logging.info(f'Copying test files for {key}...')
-
-    for file in glob.glob(test_files_path + '/**', recursive=True):
-        # Ignore .testproj directories
-        if '.testproj' in file:
+    counter = 0
+    for file in Path(test_files_path).glob('**/*'):
+        if file.is_dir() or '.test_proj' in str(file):
             continue
-
-        file_extension = os.path.splitext(file)[1]
-        if file_extension in file_extensions_to_copy:
-            dest_path = os.path.normpath(
-                os.path.join(autogenerated_dest_path, key, os.path.relpath(file, test_files_path))
-            )
+        if file.suffix in file_extensions_to_copy:
+            autogenerated_dest_path.joinpath(key, )
+            dest_path = autogenerated_dest_path.joinpath(
+                key, file.relative_to(test_files_path))
             logging.debug(f'Copying {file} to {dest_path}')
-            os.makedirs(os.path.dirname(dest_path), exist_ok=True)
+            dest_path.parent.mkdir(parents=True, exist_ok=True)
             shutil.copyfile(file, dest_path)
+            counter += 1
+    logging.info(f'copied {counter} files')

From cd0220b248d1a949c8e3512ebb5e62cc97b4ccc6 Mon Sep 17 00:00:00 2001
From: Jean Helie <jhelie@github.com>
Date: Fri, 16 Dec 2022 13:58:52 +0100
Subject: [PATCH 53/93] update autogenerated data for endpoint_large_scale

---
 .../NosqlAndSqlInjection/untyped/graphql.js   | 121 +++++++
 .../untyped/json-schema-validator.js          |  27 ++
 .../NosqlAndSqlInjection/untyped/ldap.js      |  71 ++++
 .../untyped/marsdb-flow-to.js                 |   2 +-
 .../NosqlAndSqlInjection/untyped/marsdb.js    |   2 +-
 .../NosqlAndSqlInjection/untyped/mysql.js     |  22 ++
 .../untyped/pg-promise.js                     |   6 +-
 .../autogenerated/README.md                   |   7 -
 .../autogenerated/TaintedPath/TaintedPath.js  |  21 +-
 .../autogenerated/TaintedPath/express.js      |   9 +
 .../autogenerated/TaintedPath/handlebars.js   |  52 +++
 .../TaintedPath/normalizedPaths.js            |  33 +-
 .../TaintedPath/other-fs-libraries.js         |  20 ++
 .../autogenerated/TaintedPath/prettier.js     |  14 +
 .../TaintedPath/tainted-access-paths.js       |  16 +
 .../TaintedPath/tainted-require.js            |   9 +
 .../Xss/DomBasedXss/addEventListener.js       |  13 +
 .../Xss/DomBasedXss/classnames.js             |   2 +
 .../Xss/DomBasedXss/clipboard.ts              | 101 ++++++
 .../Xss/DomBasedXss/custom-element.js         |   7 +
 .../autogenerated/Xss/DomBasedXss/dates.js    |  43 +++
 .../Xss/DomBasedXss/dragAndDrop.ts            |  89 +++++
 .../autogenerated/Xss/DomBasedXss/externs.js  |  10 +
 .../autogenerated/Xss/DomBasedXss/jquery.js   |  18 +
 .../Xss/DomBasedXss/trusted-types.js          |  10 +
 .../autogenerated/Xss/DomBasedXss/tst.js      |  61 +++-
 .../Xss/DomBasedXss/xmlRequest.js             |  12 +-
 .../autogenerated/Xss/ExceptionXss/ajv.js     |  13 +
 .../Xss/ReflectedXss/ReflectedXss.js          |   9 +-
 .../Xss/ReflectedXss/live-server.js           |  18 +
 .../autogenerated/Xss/ReflectedXss/tst2.js    |  66 ++++
 .../autogenerated/Xss/ReflectedXss/tst3.js    |  13 +
 .../UnsafeHtmlConstruction/jquery-plugin.js   |   6 +
 .../UnsafeHtmlConstruction/lib/src/MyNode.ts  |   4 +
 .../Xss/UnsafeHtmlConstruction/lib2/index.ts  |   4 +
 .../UnsafeHtmlConstruction/lib2/src/MyNode.ts |   4 +
 .../Xss/UnsafeHtmlConstruction/main.js        |  42 +++
 .../unsafe-jquery-plugin.js                   |  10 +
 .../Xss/XssThroughDom/xss-through-dom.js      |  50 +++
 .../XssThroughDom/BadTagFilter/tst.js         |  28 ++
 .../XssThroughDom/DoubleEscaping/tst.js       |  96 +++++
 .../UnsafeHtmlExpansion.js                    |  39 +++
 .../tst-multi-character-sanitization.js       | 155 ++++++++
 .../IncompleteSanitization/tst.js             | 330 ++++++++++++++++++
 44 files changed, 1667 insertions(+), 18 deletions(-)
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/graphql.js
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/ldap.js
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/mysql.js
 delete mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/README.md
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/express.js
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/handlebars.js
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/prettier.js
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/clipboard.ts
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/custom-element.js
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dragAndDrop.ts
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/trusted-types.js
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/live-server.js
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst3.js
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/BadTagFilter/tst.js
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/DoubleEscaping/tst.js
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst.js

diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/graphql.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/graphql.js
new file mode 100644
index 00000000000..723348daf57
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/graphql.js
@@ -0,0 +1,121 @@
+var express = require('express');
+var app = express();
+
+import { Octokit } from "@octokit/core";
+const kit = new Octokit();
+
+app.get('/post/:id', function(req, res) {
+    const id = req.params.id;
+    // NOT OK
+    const response = kit.graphql(`
+      query {
+        repository(owner: "github", name: "${id}") {
+          object(expression: "master:foo") {
+            ... on Blob {
+              text
+            }
+          }
+        }
+      }
+    `);
+});
+
+import { graphql, withCustomRequest } from "@octokit/graphql";
+
+app.get('/user/:id/', function(req, res) {
+    const id = req.params.id;
+    const response = graphql(`foo ${id}`); // NOT OK
+
+    const myGraphql = withCustomRequest(request);
+    const response = myGraphql(`foo ${id}`); // NOT OK
+
+    const withDefaults = graphql.defaults({});
+    withDefaults(`foo ${id}`); // NOT OK
+});
+
+const { request } = require("@octokit/request");
+
+app.get('/article/:id/', async function(req, res) {
+    const id = req.params.id;
+    const result = await request("POST /graphql", {
+      headers: {
+        authorization: "token 0000000000000000000000000000000000000001",
+      },
+      query: `foo ${id}`, // NOT OK
+    });
+
+    const withDefaults = request.defaults({});
+    withDefaults("POST /graphql", { query: `foo ${id}` }); // NOT OK
+});
+
+import { Octokit as Core } from "@octokit/rest";
+const kit2 = new Core();
+
+app.get('/event/:id/', async function(req, res) {
+    const id = req.params.id;
+    const result = await kit2.graphql(`foo ${id}`); // NOT OK
+
+    const result2 = await kit2.request("POST /graphql", { query: `foo ${id}` }); // NOT OK
+});
+
+import { graphql as nativeGraphql, buildSchema }  from 'graphql';
+var schema = buildSchema(`
+  type Query {
+    hello: String
+  }
+`);
+var root = {
+  hello: () => {
+    return 'Hello world!';
+  },
+};
+
+app.get('/thing/:id', async function(req, res) {
+  const id = req.query.id;
+  const result = await nativeGraphql(schema, "{ foo" + id + " }", root); // NOT OK
+  
+  fetch("https://my-grpahql-server.com/graphql", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      // NOT OK
+      query: `{
+        thing {
+          name
+          url
+          ${id}
+        }
+      }`
+    })
+  })
+
+  fetch("https://my-grpahql-server.com/graphql", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      // OK
+      query: `{
+        thing {
+          name
+          url
+          $id
+        }
+      }`,
+      variables: {
+        id: id
+      }
+    })
+  })
+});
+
+const github = require('@actions/github');
+app.get('/event/:id/', async function(req, res) {
+    const kit = github.getOctokit("foo")
+
+    const id = req.params.id;
+    const result = await kit.graphql(`foo ${id}`); // NOT OK
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js
index 93f09a51adb..a3bfcfd4a30 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js
@@ -35,3 +35,30 @@ app.post('/documents/find', (req, res) => {
         doc.find(query); // NOT OK
     });
 });
+
+import Joi from 'joi';
+
+const joiSchema = Joi.object({
+    date: Joi.string().required(),
+    title: Joi.string().required()
+}).with('date', 'title');
+
+app.post('/documents/insert', (req, res) => {
+    MongoClient.connect('mongodb://localhost:27017/test', async (err, db) => {
+        let doc = db.collection('doc');
+
+        const query = JSON.parse(req.query.data);
+        const validate = joiSchema.validate(query);
+        if (!validate.error) {
+            doc.find(query); // OK
+        } else {
+            doc.find(query); // NOT OK
+        }
+        try {
+            await joiSchema.validateAsync(query);
+            doc.find(query); // OK - but still flagged [INCONSISTENCY]
+        } catch (e) {
+            doc.find(query); // NOT OK
+        }
+    });
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/ldap.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/ldap.js
new file mode 100644
index 00000000000..9502cace21a
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/ldap.js
@@ -0,0 +1,71 @@
+const http = require("http");
+const url = require("url");
+const ldap = require("ldapjs");
+const client = ldap.createClient({
+  url: "ldap://127.0.0.1:1389",
+});
+
+// https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4
+const sanitizeInput = function (input) {
+  return input
+    .replace(/\*/g, "\\2a")
+    .replace(/\(/g, "\\28")
+    .replace(/\)/g, "\\29")
+    .replace(/\\/g, "\\5c")
+    .replace(/\0/g, "\\00")
+    .replace(/\//g, "\\2f");
+};
+
+const server = http.createServer((req, res) => {
+  let q = url.parse(req.url, true);
+
+  let username = q.query.username;
+
+  var opts1 = {
+    filter: `(|(name=${username})(username=${username}))`,
+  };
+
+  client.search("o=example", opts1, function (err, res) {}); // NOT OK
+
+  client.search(
+    "o=example",
+    { filter: `(|(name=${username})(username=${username}))` }, // NOT OK
+    function (err, res) {}
+  );
+
+  // GOOD
+  client.search(
+    "o=example",
+    { // OK
+      filter: `(|(name=${sanitizeInput(username)})(username=${sanitizeInput(
+        username
+      )}))`,
+    },
+    function (err, res) {}
+  );
+
+  // GOOD (https://github.com/ldapjs/node-ldapjs/issues/181)
+  let f = new OrFilter({
+    filters: [
+      new EqualityFilter({
+        attribute: "name",
+        value: username,
+      }),
+      new EqualityFilter({
+        attribute: "username",
+        value: username,
+      }),
+    ],
+  });
+
+  client.search("o=example", { filter: f }, function (err, res) {});
+
+  const parsedFilter = ldap.parseFilter(
+    `(|(name=${username})(username=${username}))`
+  );
+  client.search("o=example", { filter: parsedFilter }, function (err, res) {}); // NOT OK
+
+  const dn = ldap.parseDN(`cn=${username}`, function (err, dn) {}); // NOT OK
+});
+
+server.listen(389, () => {});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js
index 0c9e49be8e1..9b6d9b2fb88 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js
@@ -11,5 +11,5 @@ app.post("/documents/find", (req, res) => {
   query.title = req.body.title;
 
   // NOT OK: query is tainted by user-provided object value
-  db.myDoc.find(query);
+  db.myDoc.find(query, (err, data) => {});
 });
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb.js
index dc85bc142b5..0ebbb3d8a71 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/marsdb.js
@@ -13,5 +13,5 @@ app.post("/documents/find", (req, res) => {
   query.title = req.body.title;
 
   // NOT OK: query is tainted by user-provided object value
-  doc.find(query);
+  doc.find(query, (err, data) => {});
 });
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/mysql.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/mysql.js
new file mode 100644
index 00000000000..de328fb49fa
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/mysql.js
@@ -0,0 +1,22 @@
+const app = require("express")();
+const mysql = require('mysql');
+const pool = mysql.createPool(getConfig());
+
+app.get("search", function handler(req, res) {
+    let temp = req.params.value;
+    pool.getConnection(function(err, connection) {
+        connection.query({
+            sql: 'SELECT * FROM `books` WHERE `author` = ?', // OK
+            values: [temp]
+        }, function(error, results, fields) {});
+    });
+    pool.getConnection(function(err, connection) {
+        connection.query({
+            sql: 'SELECT * FROM `books` WHERE `author` = ' + temp, // NOT OK
+        }, function(error, results, fields) {});
+    });
+    pool.getConnection(function(err, connection) {
+        connection.query('SELECT * FROM `books` WHERE `author` = ' + temp, // NOT OK
+            function(error, results, fields) {});
+    });
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js
index 07d92a753ec..d3f190dd198 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js
@@ -5,7 +5,7 @@ require('express')().get('/foo', (req, res) => {
 
   var query = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
              + req.params.category + "' ORDER BY PRICE";
-  
+
   db.any(query); // NOT OK
   db.many(query); // NOT OK
   db.manyOrNone(query); // NOT OK
@@ -17,7 +17,7 @@ require('express')().get('/foo', (req, res) => {
   db.oneOrNone(query); // NOT OK
   db.query(query); // NOT OK
   db.result(query); // NOT OK
-  
+
   db.one({
     text: query // NOT OK
   });
@@ -59,7 +59,7 @@ require('express')().get('/foo', (req, res) => {
   db.task(t => {
       return t.one(query); // NOT OK
   });
-  db.task(
+  db.taskIf(
     { cnd: t => t.one(query) }, // NOT OK
     t => t.one(query) // NOT OK
   );
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/README.md b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/README.md
deleted file mode 100644
index f854c482ba3..00000000000
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# autogenerated
-
-This folder contains test data for the ATM endpoint CodeQL tests that has been autogenerated from the standard JS CodeQL libraries.
-
-It is helpful, but not required, to periodically update this test data to incorporate new test data introduced in the standard JS CodeQL libraries.
-To update this test data, run `python /path/to/codeql-lib/ql/javascript/test/update_endpoint_test_files.py --codeql-lib-path /path/to/codeql-lib`.
-For more information, run `python /path/to/codeql-lib/ql/javascript/test/update_endpoint_test_files.py --help` or view the source code of [`update_endpoint_test_files.py`](../../update_endpoint_test_files.py).
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/TaintedPath.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/TaintedPath.js
index 55e75a53757..f98cc9be554 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/TaintedPath.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/TaintedPath.js
@@ -193,4 +193,23 @@ var server = http.createServer(function(req, res) {
 
   res.write(fs.readFileSync("prefix" + path.replace(/^(\.\.[\/\\])+/, ''))); // NOT OK - not normalized
   res.write(fs.readFileSync(pathModule.normalize(path).replace(/^(\.\.[\/\\])+/, ''))); // NOT OK (can be absolute)
-});
\ No newline at end of file
+});
+
+import normalizeUrl from 'normalize-url';
+
+var server = http.createServer(function(req, res) {
+  // tests for a few more uri-libraries
+  const qs = require("qs");
+  res.write(fs.readFileSync(qs.parse(req.url).foo)); // NOT OK
+  res.write(fs.readFileSync(qs.parse(normalizeUrl(req.url)).foo)); // NOT OK
+  const parseqs = require("parseqs");
+  res.write(fs.readFileSync(parseqs.decode(req.url).foo)); // NOT OK
+});
+
+const cp = require("child_process");
+var server = http.createServer(function(req, res) {
+  let path = url.parse(req.url, true).query.path;
+  cp.execSync("foobar", {cwd: path}); // NOT OK
+  cp.execFileSync("foobar", ["args"], {cwd: path}); // NOT OK
+  cp.execFileSync("foobar", {cwd: path}); // NOT OK
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/express.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/express.js
new file mode 100644
index 00000000000..dad320e3aba
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/express.js
@@ -0,0 +1,9 @@
+var express = require("express"),
+  fileUpload = require("express-fileupload");
+
+let app = express();
+app.use(fileUpload());
+
+app.get("/some/path", function (req, res) {
+  req.files.foo.mv(req.query.bar);
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/handlebars.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/handlebars.js
new file mode 100644
index 00000000000..512b851592a
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/handlebars.js
@@ -0,0 +1,52 @@
+const express = require('express');
+const hb = require("handlebars");
+const fs = require("fs");
+
+const app = express();
+
+const data = {};
+
+function init() {
+    hb.registerHelper("catFile", function catFile(filePath) {
+        return fs.readFileSync(filePath); // SINK (reads file)
+    });
+    hb.registerHelper("prependToLines", function prependToLines(prefix, filePath) {
+        return fs
+          .readFileSync(filePath)
+          .split("\n")
+          .map((line) => prefix + line)
+          .join("\n");
+    });
+    data.compiledFileAccess = hb.compile("contents of file {{path}} are: {{catFile path}}")
+    data.compiledBenign = hb.compile("hello, {{name}}");
+    data.compiledUnknown = hb.compile(fs.readFileSync("greeting.template"));
+    data.compiledMixed = hb.compile("helpers may have several args, like here: {{prependToLines prefix path}}");
+}
+
+init();
+
+app.get('/some/path1', function (req, res) {
+    res.send(data.compiledFileAccess({ path: req.params.path })); // NOT ALLOWED (template uses vulnerable catFile)
+});
+
+app.get('/some/path2', function (req, res) {
+    res.send(data.compiledBenign({ name: req.params.name })); // ALLOWED (this template does not use catFile)
+});
+
+app.get('/some/path3', function (req, res) {
+    res.send(data.compiledUnknown({ name: req.params.name })); // ALLOWED (could be using a vulnerable helper, but we'll assume it's ok)
+});
+
+app.get('/some/path4', function (req, res) {
+    res.send(data.compiledMixed({
+        prefix: ">>> ",
+        path: req.params.path // NOT ALLOWED (template uses vulnerable helper)
+    }));
+});
+
+app.get('/some/path5', function (req, res) {
+    res.send(data.compiledMixed({
+        prefix: req.params.prefix, // ALLOWED (this parameter is safe)
+        path: "data/path-5.txt"
+    }));
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/normalizedPaths.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/normalizedPaths.js
index f03260e3c84..f5caae46c45 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/normalizedPaths.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/normalizedPaths.js
@@ -370,4 +370,35 @@ app.get('/yet-another-prefix2', (req, res) => {
   function allowPath(requestPath, rootPath) {
     return requestPath.indexOf(rootPath) === 0;
   }
-});
\ No newline at end of file
+});
+
+import slash from 'slash';
+app.get('/slash-stuff', (req, res) => {
+  let path = req.query.path;
+
+  fs.readFileSync(path); // NOT OK
+
+  fs.readFileSync(slash(path)); // NOT OK
+});
+
+app.get('/dotdot-regexp', (req, res) => {
+  let path = pathModule.normalize(req.query.x);
+  if (pathModule.isAbsolute(path))
+    return;
+  fs.readFileSync(path); // NOT OK
+  if (!path.match(/\./)) {
+    fs.readFileSync(path); // OK
+  }
+  if (!path.match(/\.\./)) {
+    fs.readFileSync(path); // OK
+  }
+  if (!path.match(/\.\.\//)) {
+    fs.readFileSync(path); // OK
+  }
+  if (!path.match(/\.\.\/foo/)) {
+    fs.readFileSync(path); // NOT OK
+  }
+  if (!path.match(/(\.\.\/|\.\.\\)/)) {
+    fs.readFileSync(path); // OK
+  }
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/other-fs-libraries.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/other-fs-libraries.js
index 14c9e357492..bda7051ba80 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/other-fs-libraries.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/other-fs-libraries.js
@@ -50,4 +50,24 @@ http.createServer(function(req, res) {
 
   fs.readFileSync(path); // NOT OK
   asyncFS.readFileSync(path); // NOT OK
+
+  require("pify")(fs.readFileSync)(path); // NOT OK
+  require("pify")(fs).readFileSync(path); // NOT OK
+
+  require('util.promisify')(fs.readFileSync)(path); // NOT OK
+
+  require("thenify")(fs.readFileSync)(path); // NOT OK
+
+  const readPkg = require('read-pkg');
+  var pkg = readPkg.readPackageSync({cwd: path}); // NOT OK
+  var pkgPromise = readPkg.readPackageAsync({cwd: path}); // NOT OK
+});
+
+const mkdirp = require("mkdirp");
+http.createServer(function(req, res) {
+  var path = url.parse(req.url, true).query.path;
+
+  fs.readFileSync(path); // NOT OK
+  mkdirp(path); // NOT OK
+  mkdirp.sync(path); // NOT OK
 });
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/prettier.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/prettier.js
new file mode 100644
index 00000000000..7546bb2c293
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/prettier.js
@@ -0,0 +1,14 @@
+const express = require('express');
+const prettier = require("prettier");
+
+const app = express();
+app.get('/some/path', function (req, res) {
+    const { p } = req.params;
+    prettier.resolveConfig(p).then((options) => { // NOT OK
+        const formatted = prettier.format("foo", options);
+    });
+
+    prettier.resolveConfig("foo", {config: p}).then((options) => { // NOT OK
+        const formatted = prettier.format("bar", options);
+    });
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-access-paths.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-access-paths.js
index 3c98512dad7..465b5b70b69 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-access-paths.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-access-paths.js
@@ -32,3 +32,19 @@ var server = http.createServer(function(req, res) {
 });
 
 server.listen();
+
+var nodefs = require('node:fs');
+
+var server2 = http.createServer(function(req, res) {
+  let path = url.parse(req.url, true).query.path;
+  nodefs.readFileSync(path); // NOT OK
+});
+
+server2.listen();
+
+const chownr = require("chownr");
+
+var server3 = http.createServer(function (req, res) {
+  let path = url.parse(req.url, true).query.path;
+  chownr(path, "someuid", "somegid", function (err) {}); // NOT OK
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-require.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-require.js
index 443ccdd31b0..23f89c55c39 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-require.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/TaintedPath/tainted-require.js
@@ -6,3 +6,12 @@ app.get('/some/path', function(req, res) {
   // BAD: loading a module based on un-sanitized query parameters
   var m = require(req.param("module"));
 });
+
+const resolve = require("resolve");
+app.get('/some/path', function(req, res) {
+  var module = resolve.sync(req.param("module")); // NOT OK - resolving module based on query parameters
+
+  resolve(req.param("module"), { basedir: __dirname }, function(err, res) { // NOT OK - resolving module based on query parameters
+    var module = res;
+  });
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/addEventListener.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/addEventListener.js
index fbb1dcfe01d..97d21371d08 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/addEventListener.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/addEventListener.js
@@ -14,4 +14,17 @@ function test() {
     }
 
     window.addEventListener("message", foo.bind(null, {data: 'items'}));
+
+    window.onmessage = e => {
+        if (e.origin !== "https://foobar.com") {
+            return;
+        }
+        document.write(e.data); // OK - there is an origin check
+    }
+
+    window.onmessage = e => {
+        if (mySet.includes(e.origin)) {
+            document.write(e.data); // OK - there is an origin check
+        }
+    }
 }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/classnames.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/classnames.js
index e18f7844f68..a0e75045a2e 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/classnames.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/classnames.js
@@ -13,4 +13,6 @@ function main() {
     document.body.innerHTML = `<span class="${safeStyle(window.name)}">Hello<span>`; // NOT OK
     document.body.innerHTML = `<span class="${safeStyle('foo')}">Hello<span>`; // OK
     document.body.innerHTML = `<span class="${clsx(window.name)}">Hello<span>`; // NOT OK
+
+    document.body.innerHTML += `<span class="${clsx(window.name)}">Hello<span>`; // NOT OK
 }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/clipboard.ts b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/clipboard.ts
new file mode 100644
index 00000000000..b87d5a43bee
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/clipboard.ts
@@ -0,0 +1,101 @@
+$("#foo").on("paste", paste);
+
+function paste(e) {
+    const { clipboardData } = e.originalEvent;
+    if (!clipboardData) return;
+
+    const text = clipboardData.getData('text/plain');
+    const html = clipboardData.getData('text/html');
+    if (!text && !html) return;
+
+    e.preventDefault();
+
+    const div = document.createElement('div');
+    if (html) {
+        div.innerHTML = html; // NOT OK
+    } else {
+        div.textContent = text;
+    }
+    document.body.append(div);
+}
+
+export function install(el: HTMLElement): void {
+    el.addEventListener('paste', (e) => {
+        $("#id").html(e.clipboardData.getData('text/html')); // NOT OK    
+    })
+}
+
+document.addEventListener('paste', (e) => {
+    $("#id").html(e.clipboardData.getData('text/html')); // NOT OK
+});
+
+$("#foo").bind('paste', (e) => {
+    $("#id").html(e.originalEvent.clipboardData.getData('text/html')); // NOT OK
+});
+
+(function () {
+    let div = document.createElement("div");
+    div.onpaste = function (e: ClipboardEvent) {
+        const { clipboardData } = e;
+        if (!clipboardData) return;
+
+        const text = clipboardData.getData('text/plain');
+        const html = clipboardData.getData('text/html');
+        if (!text && !html) return;
+
+        e.preventDefault();
+
+        const div = document.createElement('div');
+        if (html) {
+            div.innerHTML = html; // NOT OK
+        } else {
+            div.textContent = text;
+        }
+        document.body.append(div);
+    }
+})();
+
+async function getClipboardData(e: ClipboardEvent): Promise<Array<File | string>> {
+    // Using a set to filter out duplicates. For some reason, dropping URLs duplicates them 3 times (for me)
+    const dropItems = new Set<File | string>();
+  
+    // First get all files in the drop event
+    if (e.clipboardData.files.length > 0) {
+      // tslint:disable-next-line: prefer-for-of
+      for (let i = 0; i < e.clipboardData.files.length; i++) {
+        const file = e.clipboardData.files[i];
+      }
+    }
+  
+    if (e.clipboardData.types.includes('text/html')) {
+      const droppedHtml = e.clipboardData.getData('text/html');
+      const container = document.createElement('html');
+      container.innerHTML = droppedHtml;
+      const imgs = container.getElementsByTagName('img');
+      if (imgs.length === 1) {
+        const src = imgs[0].src;
+        dropItems.add(src);
+      }
+    } else if (e.clipboardData.types.includes('text/plain')) {
+      const plainText = e.clipboardData.getData('text/plain');
+      // Check if text is an URL
+      if (/^https?:\/\//i.test(plainText)) {
+        dropItems.add(plainText);
+      }
+    }
+  
+    const imageItems = Array.from(dropItems);
+    return imageItems;
+  }
+
+// inputevent
+(function () {
+    let div = document.createElement("div");
+    div.addEventListener("beforeinput", function (e: InputEvent) {
+        const { data, inputType, isComposing, dataTransfer } = e;
+        if (!dataTransfer) return;
+
+        const html = dataTransfer.getData('text/html');
+        $("#id").html(html); // NOT OK
+    });
+})();
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/custom-element.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/custom-element.js
new file mode 100644
index 00000000000..9177f08bdc5
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/custom-element.js
@@ -0,0 +1,7 @@
+import * as dummy from 'dummy';
+
+class CustomElm extends HTMLElement {
+    test() {
+        this.innerHTML = window.name; // NOT OK
+    }
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dates.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dates.js
index 592dc37c973..47513c796d9 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dates.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dates.js
@@ -16,4 +16,47 @@ function main() {
     document.body.innerHTML = `Time is ${moment(time).format(taint)}`; // NOT OK
     document.body.innerHTML = `Time is ${moment(taint).format()}`; // OK
     document.body.innerHTML = `Time is ${dateformat(time, taint)}`; // NOT OK
+
+    import dayjs from 'dayjs';
+    document.body.innerHTML = `Time is ${dayjs(time).format(taint)}`; // NOT OK
 }
+
+import LuxonAdapter from "@date-io/luxon";
+import DateFnsAdapter from "@date-io/date-fns";
+import MomentAdapter from "@date-io/moment";
+import DayJSAdapter from "@date-io/dayjs"
+
+function dateio() {
+    let taint = decodeURIComponent(window.location.hash.substring(1));
+
+    const dateFns = new DateFnsAdapter();
+    const luxon = new LuxonAdapter();
+    const moment = new MomentAdapter();
+    const dayjs = new DayJSAdapter();
+
+    document.body.innerHTML = `Time is ${dateFns.formatByString(new Date(), taint)}`; // NOT OK
+    document.body.innerHTML = `Time is ${luxon.formatByString(luxon.date(), taint)}`; // NOT OK
+    document.body.innerHTML = `Time is ${moment.formatByString(moment.date(), taint)}`; // NOT OK
+    document.body.innerHTML = `Time is ${dayjs.formatByString(dayjs.date(), taint)}`; // NOT OK
+}
+
+import { DateTime } from "luxon";
+
+function luxon() {
+    let taint = decodeURIComponent(window.location.hash.substring(1));
+
+    document.body.innerHTML = `Time is ${DateTime.now().plus({years: 1}).toFormat(taint)}`; // NOT OK
+    document.body.innerHTML = `Time is ${new DateTime().setLocale('fr').toFormat(taint)}`; // NOT OK
+    document.body.innerHTML = `Time is ${DateTime.fromISO("2020-01-01").startOf('day').toFormat(taint)}`; // NOT OK
+}
+
+function dateio2() {
+    let taint = decodeURIComponent(window.location.hash.substring(1));
+
+    const moment = new MomentAdapter();
+    document.body.innerHTML = `Time is ${moment.addDays(moment.date("2020-06-21"), 1).format(taint)}`; // NOT OK
+    const luxon = new LuxonAdapter();
+    document.body.innerHTML = `Time is ${luxon.endOfDay(luxon.date()).toFormat(taint)}`; // NOT OK
+    const dayjs = new DayJSAdapter();
+    document.body.innerHTML = `Time is ${dayjs.setHours(dayjs.date(), 4).format(taint)}`; // NOT OK
+}
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dragAndDrop.ts b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dragAndDrop.ts
new file mode 100644
index 00000000000..487e51c8f8a
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/dragAndDrop.ts
@@ -0,0 +1,89 @@
+$("#foo").on("drop", drop);
+
+function drop(e) {
+    const { dataTransfer } = e.originalEvent;
+    if (!dataTransfer) return;
+
+    const text = dataTransfer.getData('text/plain');
+    const html = dataTransfer.getData('text/html');
+    if (!text && !html) return;
+
+    e.preventDefault();
+
+    const div = document.createElement('div');
+    if (html) {
+        div.innerHTML = html; // NOT OK
+    } else {
+        div.textContent = text;
+    }
+    document.body.append(div);
+}
+
+export function install(el: HTMLElement): void {
+    el.addEventListener('drop', (e) => {
+        $("#id").html(e.dataTransfer.getData('text/html')); // NOT OK    
+    })
+}
+
+document.addEventListener('drop', (e) => {
+    $("#id").html(e.dataTransfer.getData('text/html')); // NOT OK
+});
+
+$("#foo").bind('drop', (e) => {
+    $("#id").html(e.originalEvent.dataTransfer.getData('text/html')); // NOT OK
+});
+
+(function () {
+    let div = document.createElement("div");
+    div.ondrop = function (e: DragEvent) {
+        const { dataTransfer } = e;
+        if (!dataTransfer) return;
+
+        const text = dataTransfer.getData('text/plain');
+        const html = dataTransfer.getData('text/html');
+        if (!text && !html) return;
+
+        e.preventDefault();
+
+        const div = document.createElement('div');
+        if (html) {
+            div.innerHTML = html; // NOT OK
+        } else {
+            div.textContent = text;
+        }
+        document.body.append(div);
+    }
+})();
+
+async function getDropData(e: DragEvent): Promise<Array<File | string>> {
+    // Using a set to filter out duplicates. For some reason, dropping URLs duplicates them 3 times (for me)
+    const dropItems = new Set<File | string>();
+  
+    // First get all files in the drop event
+    if (e.dataTransfer.files.length > 0) {
+      // tslint:disable-next-line: prefer-for-of
+      for (let i = 0; i < e.dataTransfer.files.length; i++) {
+        const file = e.dataTransfer.files[i];
+      }
+    }
+  
+    if (e.dataTransfer.types.includes('text/html')) {
+      const droppedHtml = e.dataTransfer.getData('text/html');
+      const container = document.createElement('html');
+      container.innerHTML = droppedHtml;
+      const imgs = container.getElementsByTagName('img');
+      if (imgs.length === 1) {
+        const src = imgs[0].src;
+        dropItems.add(src);
+      }
+    } else if (e.dataTransfer.types.includes('text/plain')) {
+      const plainText = e.dataTransfer.getData('text/plain');
+      // Check if text is an URL
+      if (/^https?:\/\//i.test(plainText)) {
+        dropItems.add(plainText);
+      }
+    }
+  
+    const imageItems = Array.from(dropItems);
+    return imageItems;
+  }
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/externs.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/externs.js
index 7079f471978..0132d7ae7ca 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/externs.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/externs.js
@@ -57,3 +57,13 @@ function Node() {}
  * @type {Node}
  */
 Node.prototype.parentNode;
+
+/**
+ * @return {DomObjectStub}
+ */
+DomObjectStub.prototype.insertRow = function() {};
+
+/**
+ * @return {DomObjectStub}
+ */
+DomObjectStub.prototype.insertCell = function() {};
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/jquery.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/jquery.js
index 928648ced0f..3bff577fbdf 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/jquery.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/jquery.js
@@ -14,4 +14,22 @@ function test() {
   elm.innerHTML = decodeURIComponent(window.location.hash); // NOT OK
   elm.innerHTML = decodeURIComponent(window.location.search); // NOT OK
   elm.innerHTML = decodeURIComponent(window.location.toString()); // NOT OK
+
+  let hash = window.location.hash;
+  $(hash); // OK - start with '#'
+
+  $(hash.substring(1)); // NOT OK
+  $(hash.substring(1, 10)); // NOT OK
+  $(hash.substr(1)); // NOT OK
+  $(hash.slice(1)); // NOT OK
+  $(hash.substring(0, 10)); // OK
+
+  $(hash.replace('#', '')); // NOT OK
+  $(window.location.search.replace('?', '')); // NOT OK
+  $(hash.replace('!', '')); // OK
+  $(hash.replace('blah', '')); // OK
+
+  $(hash + 'blah'); // OK
+  $('blah' + hash); // OK - does not start with '<'
+  $('<b>' + hash + '</b>'); // NOT OK
 }
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/trusted-types.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/trusted-types.js
new file mode 100644
index 00000000000..cba48137122
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/trusted-types.js
@@ -0,0 +1,10 @@
+(function() {
+    const policy1 = trustedTypes.createPolicy('x', { createHTML: x => x }); // NOT OK
+    policy1.createHTML(window.name);
+
+    const policy2 = trustedTypes.createPolicy('x', { createHTML: x => 'safe' }); // OK
+    policy2.createHTML(window.name);
+
+    const policy3 = trustedTypes.createPolicy('x', { createHTML: x => x }); // OK
+    policy3.createHTML('safe');
+})();
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/tst.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/tst.js
index 44f88e0762b..3c609ddcc92 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/tst.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/tst.js
@@ -430,4 +430,63 @@ function nonGlobalSanitizer() {
   $("#foo").html(target.replace(/<metadata>[\s\S]*<\/metadata>/, '<metadata></metadata>')); // NOT OK
 
   $("#foo").html(target.replace(/<|>/g, '')); // OK
-}
\ No newline at end of file
+}
+
+function mootools(){
+	var source = document.location.search;
+
+	new Element("div"); // OK
+	new Element("div", {text: source}); // OK
+	new Element("div", {html: source}); // NOT OK
+	new Element("div").set("html", source); // NOT OK
+	new Element("div").set({"html": source}); // NOT OK
+	new Element("div").setProperty("html", source); // NOT OK
+	new Element("div").setProperties({"html": source}); // NOT OK
+	new Element("div").appendHtml(source); // NOT OK
+}
+
+
+const Convert = require('ansi-to-html');
+const ansiToHtml = new Convert();
+
+function ansiToHTML() {
+  var source = document.location.search;
+
+  $("#foo").html(source); // NOT OK
+  $("#foo").html(ansiToHtml.toHtml(source)); // NOT OK
+}
+
+function domMethods() {
+	var source = document.location.search;
+
+  let table = document.getElementById('mytable');
+  table.innerHTML = source; // NOT OK
+  let row = table.insertRow(-1);
+  row.innerHTML = source; // NOT OK
+  let cell = row.insertCell();
+  cell.innerHTML = source; // NOT OK
+}
+
+function urlStuff() {
+  var url = document.location.search.substr(1);
+
+  $("<a>", {href: url}).appendTo("body"); // NOT OK
+  $("#foo").attr("href", url); // NOT OK
+  $("#foo").attr({href: url}); // NOT OK
+  $("<img>", {src: url}).appendTo("body"); // NOT OK
+  $("<a>", {href: win.location.href}).appendTo("body"); // OK
+
+  $("<img>", {src: "http://google.com/" + url}).appendTo("body"); // OK
+
+  $("<img>", {src: ["http://google.com", url].join("/")}).appendTo("body"); // OK
+
+  if (url.startsWith("https://")) {
+    $("<img>", {src: url}).appendTo("body"); // OK
+  } else {
+    $("<img>", {src: url}).appendTo("body"); // NOT OK
+  }
+
+  window.open(location.hash.substr(1)); // OK - any JavaScript is executed in another context
+
+  navigation.navigate(location.hash.substr(1)); // NOT OK
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/xmlRequest.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/xmlRequest.js
index 91dca5e0c51..28f49bb71ca 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/xmlRequest.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/DomBasedXss/xmlRequest.js
@@ -6,11 +6,19 @@ $(document).ready(function () {
     xhr.onreadystatechange = function () {
         if (xhr.readyState !== 4) { return }
         var json = JSON.parse(xhr.responseText)
-        $("#myThing").html(json.message);
+        $("#myThing").html(json.message); // caught with additional sources
     }
     try {
         xhr.send()
     } catch (error) {
         console.log(error)
     }
-})
\ No newline at end of file
+});
+
+$(document).ready(async function () {
+    const got = require('got');
+    const resp = await got.get("{{ some_url }}");
+    const json = JSON.parse(resp.body);
+    $("#myThing").html(json.message); // caught with additional sources
+
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ExceptionXss/ajv.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ExceptionXss/ajv.js
index 2ebbc46a4b3..36dd5181a1b 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ExceptionXss/ajv.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ExceptionXss/ajv.js
@@ -11,3 +11,16 @@ app.post('/polldata', (req, res) => {
         res.send(ajv.errorsText()); // NOT OK
     }
 });
+
+const joi = require("joi");
+const joiSchema = joi.object().keys({
+    name: joi.string().required(),
+    age: joi.number().required()
+}).with('name', 'age');
+
+app.post('/votedata', (req, res) => {
+    const val = joiSchema.validate(req.body);
+    if (val.error) {
+        res.send(val.error); // NOT OK
+    }
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/ReflectedXss.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/ReflectedXss.js
index 6a85c0ec1b0..2b7c2057f0f 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/ReflectedXss.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/ReflectedXss.js
@@ -101,4 +101,11 @@ app.get('/user/:id', function (req, res) {
 
   res.send(markdownIt.use(require('markdown-it-sanitizer')).render(req.body)); // OK - HTML is sanitized. 
   res.send(markdownIt.use(require('markdown-it-abbr')).use(unknown).render(req.body)); // NOT OK
-});
\ No newline at end of file
+});
+
+var Hapi = require('hapi');
+var hapi = new Hapi.Server();
+hapi.route({
+    handler: function (request){
+        return request.query.p; // NOT OK
+    }});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/live-server.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/live-server.js
new file mode 100644
index 00000000000..aed560fc076
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/live-server.js
@@ -0,0 +1,18 @@
+var liveServer = require("live-server");
+ 
+const middleware = [function(req, res, next) {
+    const tainted = req.url;    
+
+    res.end(`<html><body>${tainted}</body></html>`); // NOT OK
+}];
+
+middleware.push(function(req, res, next) {
+    const tainted = req.url;
+
+    res.end(`<html><body>${tainted}</body></html>`); // NOT OK
+});
+
+var params = {
+    middleware
+};
+liveServer.start(params);
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst2.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst2.js
index 521b6b20a7c..60399a9b63d 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst2.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst2.js
@@ -22,3 +22,69 @@ app.get('/bar', function(req, res) {
   else
     res.send(p); // OK
 });
+
+
+const clone = require('clone');
+
+app.get('/baz', function(req, res) {
+  let { p } = req.params;
+
+  var obj = {};
+  obj.p = p;
+  var other = clone(obj);
+
+  res.send(p); // NOT OK
+  res.send(other.p); // NOT OK
+});
+
+const serializeJavaScript = require('serialize-javascript');
+
+app.get('/baz', function(req, res) {
+  let { p } = req.params;
+
+  var serialized = serializeJavaScript(p);
+
+  res.send(serialized); // OK
+  
+  var unsafe = serializeJavaScript(p, {unsafe: true});
+
+  res.send(unsafe); // NOT OK
+});
+
+const fclone = require('fclone');
+
+app.get('/baz', function(req, res) {
+  let { p } = req.params;
+
+  var obj = {};
+  obj.p = p;
+  var other = fclone(obj);
+
+  res.send(p); // NOT OK
+  res.send(other.p); // NOT OK
+});
+
+const jc = require('json-cycle');
+app.get('/baz', function(req, res) {
+  let { p } = req.params;
+
+  var obj = {};
+  obj.p = p;
+  var other = jc.retrocycle(jc.decycle(obj));
+
+  res.send(p); // NOT OK
+  res.send(other.p); // NOT OK
+});
+
+const sortKeys = require('sort-keys');
+
+app.get('/baz', function(req, res) {
+  let { p } = req.params;
+
+  var obj = {};
+  obj.p = p;
+  var other = sortKeys(obj);
+
+  res.send(p); // NOT OK
+  res.send(other.p); // NOT OK
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst3.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst3.js
new file mode 100644
index 00000000000..c7d0fd91a4a
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/ReflectedXss/tst3.js
@@ -0,0 +1,13 @@
+var express = require('express');
+
+var app = express();
+app.enable('x-powered-by').disable('x-powered-by').get('/', function (req, res) {
+  let { p } = req.params;
+  res.send(p); // NOT OK
+});
+
+const prettier = require("prettier");
+app.post("foobar", function (reg, res) {
+  const code = prettier.format(reg.body, { semi: false, parser: "babel" });
+  res.send(code); // NOT OK
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js
index 07b25b558f9..6a133a747bd 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js
@@ -7,3 +7,9 @@
 }(function ($) {
     $("<span>" + $.trim("foo") + "</span>"); // OK
 }));
+
+$.fn.myPlugin = function (stuff, options) {
+    $("#foo").html("<span>" + options.foo + "</span>"); // NOT OK
+
+    $("#foo").html("<span>" + stuff + "</span>"); // NOT OK
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts
new file mode 100644
index 00000000000..91e81238605
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts
@@ -0,0 +1,4 @@
+export function trivialXss(s: string) {
+    const html = "<span>" + s + "</span>"; // NOT OK
+    document.querySelector("#html").innerHTML = html;
+}
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts
new file mode 100644
index 00000000000..21bb420b71f
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts
@@ -0,0 +1,4 @@
+export function trivialXss(s: string) {
+    const html = "<span>" + s + "</span>"; // NOT OK - this file is recognized as a main file.
+    document.querySelector("#html").innerHTML = html;
+}
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts
new file mode 100644
index 00000000000..35908c88f16
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts
@@ -0,0 +1,4 @@
+export function trivialXss(s: string) {
+    const html = "<span>" + s + "</span>"; // OK - this file is not recognized as a main file.
+    document.querySelector("#html").innerHTML = html;
+}
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/main.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/main.js
index 1097e126feb..01d376a2f8b 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/main.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeHtmlConstruction/main.js
@@ -75,3 +75,45 @@ module.exports.intentionalTemplate = function (obj) {
     const html = "<span>" + obj.spanTemplate + "</span>"; // OK
     document.querySelector("#template").innerHTML = html;
 }
+
+module.exports.types = function (val) {
+    if (typeof val === "string") {
+        $("#foo").html("<span>" + val + "</span>"); // NOT OK
+    } else if (typeof val === "number") {
+        $("#foo").html("<span>" + val + "</span>"); // OK
+    } else if (typeof val === "boolean") {
+        $("#foo").html("<span>" + val + "</span>"); // OK
+    }
+}
+
+function createHTML(x) {
+    return "<span>" + x + "</span>"; // NOT OK
+}
+
+module.exports.usesCreateHTML = function (x) {
+    $("#foo").html(createHTML(x));
+}
+
+const myMermaid = require('mermaid');
+module.exports.usesCreateHTML = function (x) {
+    myMermaid.render("id", x, function (svg) { // NOT OK
+        $("#foo").html(svg);
+    });
+    
+    $("#foo").html(myMermaid.render("id", x)); // NOT OK
+
+    mermaid.render("id", x, function (svg) {// NOT OK
+        $("#foo").html(svg); 
+    });
+
+    $("#foo").html(mermaid.render("id", x)); // NOT OK
+
+    mermaid.mermaidAPI.render("id", x, function (svg) {// NOT OK
+        $("#foo").html(svg);
+    });
+}
+
+module.exports.xssThroughMarkdown = function (s) {
+    const html = markdown.render(s); // NOT OK
+    document.querySelector("#markdown").innerHTML = html;
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js
index 51621fec90b..b695c57fab8 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js
@@ -182,4 +182,14 @@
 		$(document).find(options.target); // OK
 	}});
 
+	$.fn.position = function( options ) {
+		if ( !options || !options.of ) {
+			return doSomethingElse( this, arguments );
+		}
+		// extending options
+		options = $.extend( {}, options );
+	
+		var target = $( options.of ); // NOT OK
+		console.log(target);
+	};
 });
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/XssThroughDom/xss-through-dom.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/XssThroughDom/xss-through-dom.js
index 656f233ca9e..7728722bd16 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/XssThroughDom/xss-through-dom.js
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/Xss/XssThroughDom/xss-through-dom.js
@@ -89,4 +89,54 @@
 	$("section h1").each(function(){
 		$("nav ul").append("<a href='#" + $(this).text().toLowerCase().replace(/ /g, '-').replace(/[^\w-]+/g,'') + "'>Section</a>"); // OK
 	});
+
+	$("#id").html($("#foo").find(".bla")[0].value); // NOT OK.
+
+	for (var i = 0; i < foo.length; i++) {
+		$("#id").html($("#foo").find(".bla")[i].value); // NOT OK.
+	}
+})();
+
+class Super {
+	constructor() {
+		this.el = $("#id").get(0);
+	}
+}
+
+class Sub extends Super {
+	constructor() {
+		super();
+		$("#id").get(0).innerHTML = "<a src=\"" + this.el.src + "\">foo</a>"; // NOT OK. Attack: `<mytag id="id" src="x:&quot;&gt;&lt;img src=1 onerror=&quot;alert(1)&quot;&gt;" />`
+	}
+}
+
+(function () {
+    const src = document.getElementById("#link").src;
+	$("#id").html(src); // NOT OK.
+
+    $("#id").attr("src", src); // OK
+
+    $("input.foo")[0].onchange = function (ev) {
+        $("#id").html(ev.target.files[0].name); // NOT OK.
+
+        $("img#id").attr("src", URL.createObjectURL(ev.target.files[0])); // NOT OK
+    }
+})();
+
+(function () {
+	let elem = document.createElement('a');
+	const wSelection = getSelection();
+	const dSelection = document.getSelection();
+	let linkText = wSelection.toString() || dSelection.toString() || '';
+	elem.innerHTML = linkText; // NOT OK
+	$("#id").html(linkText); // NOT OK
+	elem.innerText = linkText; // OK
+})();
+
+const cashDom = require("cash-dom");
+
+(function () {
+    const src = document.getElementById("#link").src;
+	cash("#id").html(src); // NOT OK.
+    cashDom("#id").html(src); // NOT OK
 })();
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/BadTagFilter/tst.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/BadTagFilter/tst.js
new file mode 100644
index 00000000000..2b71107e512
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/BadTagFilter/tst.js
@@ -0,0 +1,28 @@
+var filters = [
+    /<script.*?>.*?<\/script>/i, // NOT OK - doesn't match newlines or `</script >`
+    /<script.*?>.*?<\/script>/is, // NOT OK - doesn't match `</script >`
+    /<script.*?>.*?<\/script[^>]*>/is, // OK
+    /<!--.*-->/is, // OK - we don't care regexps that only match comments
+    /<!--.*--!?>/is, // OK
+    /<!--.*--!?>/i, // NOT OK, does not match newlines
+    /<script.*?>(.|\s)*?<\/script[^>]*>/i, // NOT OK - doesn't match inside the script tag
+    /<script[^>]*?>.*?<\/script[^>]*>/i, // NOT OK - doesn't match newlines inside the content
+    /<script(\s|\w|=|")*?>.*?<\/script[^>]*>/is, // NOT OK - does not match single quotes for attribute values
+    /<script(\s|\w|=|')*?>.*?<\/script[^>]*>/is, // NOT OK - does not match double quotes for attribute values
+    /<script( |\n|\w|=|'|")*?>.*?<\/script[^>]*>/is, // NOT OK - does not match tabs between attributes
+    /<script.*?>.*?<\/script[^>]*>/s, // NOT OK - does not match uppercase SCRIPT tags
+    /<(script|SCRIPT).*?>.*?<\/(script|SCRIPT)[^>]*>/s, // NOT OK - does not match mixed case script tags
+    /<script[^>]*?>[\s\S]*?<\/script.*>/i, // NOT OK - doesn't match newlines in the end tag
+    /<script[^>]*?>[\s\S]*?<\/script[^>]*?>/i, // OK
+    /<script\b[^>]*>([\s\S]*?)<\/script>/gi, // NOT OK - too strict matching on the end tag
+    /<(?:!--([\S|\s]*?)-->)|([^\/\s>]+)[\S\s]*?>/, // NOT OK - doesn't match comments with the right capture groups
+    /<(?:(?:\/([^>]+)>)|(?:!--([\S|\s]*?)-->)|(?:([^\/\s>]+)((?:\s+[\w\-:.]+(?:\s*=\s*?(?:(?:"[^"]*")|(?:'[^']*')|[^\s"'\/>]+))?)*)[\S\s]*?(\/?)>))/, // NOT OK - capture groups
+	/(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>|<!(--.*?--\s*)+>)/gi, // NOT OK - capture groups
+    /<(?:(?:!--([\w\W]*?)-->)|(?:!\[CDATA\[([\w\W]*?)\]\]>)|(?:!DOCTYPE([\w\W]*?)>)|(?:\?([^\s\/<>]+) ?([\w\W]*?)[?/]>)|(?:\/([A-Za-z][A-Za-z0-9\-_\:\.]*)>)|(?:([A-Za-z][A-Za-z0-9\-_\:\.]*)((?:\s+[^"'>]+(?:(?:"[^"]*")|(?:'[^']*')|[^>]*))*|\/|\s+)>))/g, // NOT OK - capture groups
+    /<!--([\w\W]*?)-->|<([^>]*?)>/g, // NOT OK - capture groups
+]
+
+doFilters(filters)
+
+var strip = '<script([^>]*)>([\\S\\s]*?)<\/script([^>]*)>';  // OK - it's used with the ignorecase flag
+new RegExp(strip, 'gi');
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/DoubleEscaping/tst.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/DoubleEscaping/tst.js
new file mode 100644
index 00000000000..76cfe80b238
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/DoubleEscaping/tst.js
@@ -0,0 +1,96 @@
+function badEncode(s) {
+  return s.replace(/"/g, "&quot;")
+          .replace(/'/g, "&apos;")
+          .replace(/&/g, "&amp;");
+}
+
+function goodEncode(s) {
+  return s.replace(/&/g, "&amp;")
+          .replace(/"/g, "&quot;")
+          .replace(/'/g, "&apos;");
+}
+
+function goodDecode(s) {
+  return s.replace(/&quot;/g, "\"")
+          .replace(/&apos;/g, "'")
+          .replace(/&amp;/g, "&");
+}
+
+function badDecode(s) {
+  return s.replace(/&amp;/g, "&")
+          .replace(/&quot;/g, "\"")
+          .replace(/&apos;/g, "'");
+}
+
+function cleverEncode(code) {
+    return code.replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/&(?![\w\#]+;)/g, '&amp;');
+}
+
+function badDecode2(s) {
+  return s.replace(/&amp;/g, "&")
+          .replace(/s?ome|thin*g/g, "else")
+          .replace(/&apos;/g, "'");
+}
+
+function goodDecodeInLoop(ss) {
+  var res = [];
+  for (var s of ss) {
+    s = s.replace(/&quot;/g, "\"")
+         .replace(/&apos;/g, "'")
+         .replace(/&amp;/g, "&");
+    res.push(s);
+  }
+  return res;
+}
+
+function badDecode3(s) {
+  s = s.replace(/&amp;/g, "&");
+  s = s.replace(/&quot;/g, "\"");
+  return s.replace(/&apos;/g, "'");
+}
+
+function badUnescape(s) {
+  return s.replace(/\\\\/g, '\\')
+           .replace(/\\'/g, '\'')
+           .replace(/\\"/g, '\"');
+}
+
+function badPercentEscape(s) {
+  s = s.replace(/&/g, '%26');
+  s = s.replace(/%/g, '%25');
+  return s;
+}
+
+function badEncode(s) {
+  var indirect1 = /"/g;
+  var indirect2 = /'/g;
+  var indirect3 = /&/g;
+  return s.replace(indirect1, "&quot;")
+          .replace(indirect2, "&apos;")
+          .replace(indirect3, "&amp;");
+}
+
+function badEncodeWithReplacer(s) {
+  var repl = {
+    '"': "&quot;",
+    "'": "&apos;",
+    "&": "&amp;"
+  };
+  return s.replace(/["']/g, (c) => repl[c]).replace(/&/g, "&amp;");
+}
+
+// dubious, but out of scope for this query
+function badRoundtrip(s) {
+  return s.replace(/\\\\/g, "\\").replace(/\\/g, "\\\\");
+}
+
+function testWithCapturedVar(x) {
+  var captured = x;
+  (function() {
+    captured = captured.replace(/\\/g, "\\\\");
+  })();
+}
+
+function encodeDecodeEncode(s) {
+ return goodEncode(goodDecode(goodEncode(s)));
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js
new file mode 100644
index 00000000000..9d45c9f8f49
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js
@@ -0,0 +1,39 @@
+(function(){
+	let defaultPattern = /<(([\w:]+)[^>]*)\/>/gi;
+	let expanded = "<$1></$2>";
+
+	// lib1
+	html.replace(
+		/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi,
+		expanded
+	); // NOT OK
+	html.replace(/<(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi, expanded); // NOT OK
+
+	// lib2
+	html.replace(
+		/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,
+		expanded
+	); // NOT OK
+	html.replace(/<(([\w:]+)[^>]*)\/>/gi, expanded); // NOT OK
+
+	// lib3
+	html.replace(
+		/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:-]+)[^>]*)\/>/gi,
+		expanded
+	); // NOT OK
+	html.replace(/<(([\w:-]+)[^>]*)\/>/gi, expanded); // NOT OK
+
+	html.replace(defaultPattern, expanded); // NOT OK
+	function getPattern() {
+		return defaultPattern;
+	}
+	html.replace(getPattern(), expanded); // NOT OK
+
+	function getExpanded() {
+		return expanded;
+	}
+	html.replace(defaultPattern, getExpanded()); // NOT OK (but not tracking the expansion string)
+	html.replace(defaultPattern, something); // OK (possibly)
+	defaultPattern.match(something); // OK (possibly)
+	getPattern().match(something); // OK (possibly)
+});
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js
new file mode 100644
index 00000000000..43f650acce9
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js
@@ -0,0 +1,155 @@
+// CVE-2019-10756
+(function(content) {
+  content = content.replace(/<.*cript.*\/scrip.*>/gi, ""); // NOT OK
+  content = content.replace(/ on\w+=".*"/g, ""); // NOT OK
+  content = content.replace(/ on\w+=\'.*\'/g, ""); // NOT OK
+  return content;
+});
+(function(content) {
+  content = content.replace(/<.*cript.*/gi, ""); // NOT OK
+  content = content.replace(/.on\w+=.*".*"/g, ""); // NOT OK
+  content = content.replace(/.on\w+=.*\'.*\'/g, ""); // NOT OK
+
+  return content;
+});
+
+// CVE-2020-7656
+(function(responseText) {
+  var rscript = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;
+  responseText.replace(rscript, ""); // NOT OK
+  return responseText;
+});
+
+// CVE-2019-1010091
+(function(text) {
+  text = text.replace(/<!--|--!?>/g, ""); // NOT OK
+  return text;
+});
+(function(text) {
+  while (/<!--|--!?>/g.test(text)) {
+    text = text.replace(/<!--|--!?>/g, ""); // OK
+  }
+
+  return text;
+});
+
+// CVE-2019-10767
+(function(id) {
+  id = id.replace(/\.\./g, ""); // OK (can not contain '..' afterwards)
+  return id;
+});
+(function(id) {
+  id = id.replace(/[\]\[*,;'"`<>\\?\/]/g, ""); // OK (or is it?)
+  return id;
+});
+
+// CVE-2019-8903
+(function(req) {
+  var REG_TRAVEL = /(\/)?\.\.\//g;
+  req.url = req.url.replace(REG_TRAVEL, ""); // NOT OK
+});
+(function(req) {
+  var beg;
+  for (var i = 0; i < req.url.length; i++) {
+    if (req.url[i] === "." && req.url[i + 1] === "/") beg = i + 1;
+    else if (req.url[i] === "?") break;
+  }
+
+  if (beg) req.url = req.url.substring(beg);
+});
+
+// New cases
+
+(function(x) {
+  x = x.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/g, ""); // NOT OK
+
+  x = x.replace(/(\/|\s)on\w+=(\'|")?[^"]*(\'|")?/g, ""); // NOT OK
+
+  x = x.replace(/<\/script>/g, ""); // OK
+
+  x = x.replace(/<(.)?br(.)?>/g, ""); // OK
+  x = x.replace(/<\/?b>/g, ""); // OK
+  x = x.replace(/<(ul|ol)><\/(ul|ol)>/gi, ""); // OK
+  x = x.replace(/<li><\/li>/gi, ""); // OK
+
+  x = x.replace(/<!--(.*?)-->/gm, ""); // NOT OK
+  x = x.replace(/\sng-[a-z-]+/, ""); // NOT OK
+  x = x.replace(/\sng-[a-z-]+/g, ""); // NOT OK (ng-attributes)
+
+  x = x.replace(/(<!--\[CDATA\[|\]\]-->)/g, "\n"); // OK: not a sanitizer
+
+  x = x.replace(/<script.+desktop\-only.+<\/script>/g, ""); // OK [INCONSISTENCY]
+  x = x.replace(/<script async.+?<\/script>/g, ""); // OK
+  x = x.replace(/<!--[\s\S]*?-->|<\?(?:php)?[\s\S]*?\?>/gi, ""); // NOT OK
+
+  x = x.replace(/\x2E\x2E\x2F\x2E\x2E\x2F/g, ""); // NOT OK (matches "../../")
+
+  x = x.replace(/<script.*>.*<\/script>/gi, ""); // NOT OK
+
+  x = x.replace(/^(\.\.\/?)+/g, ""); // OK
+
+  // NOT OK
+  x = x.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/g, function(
+    $0
+  ) {
+    return unknown ? $0 : "";
+  });
+
+  x = x.replace(/<\/?([a-z][a-z0-9]*)\b[^>]*>/gi, ""); // NOT OK [INCONSISTENCY]
+
+  x = x.replace(/\.\./g, ""); // OK
+  x = x.replace(/\.\.\//g, ""); // NOT OK
+  x = x.replace(/\/\.\./g, ""); // NOT OK
+
+  x = x.replace(/<script(.*?)>([\s\S]*?)<\/script>/gi, ""); // NOT OK
+
+  x = x.replace(/<(script|del)(?=[\s>])[\w\W]*?<\/\1\s*>/gi, ""); // NOT OK
+  x = x.replace(/\<script[\s\S]*?\>[\s\S]*?\<\/script\>/g, ""); // NOT OK
+  x = x.replace(/<(script|style|title)[^<]+<\/(script|style|title)>/gm, ""); // NOT OK
+  x = x.replace(/<script[^>]*>([\s\S]*?)<\/script>/gi, ""); // NOT OK
+  x = x.replace(/<script[\s\S]*?<\/script>/gi, ""); // NOT OK
+  x = x.replace(/ ?<!-- ?/g, ""); // NOT OK
+  x = x.replace(/require\('\.\.\/common'\);/g, ""); // OK
+  x = x.replace(/\.\.\/\.\.\/lib\//g, ""); // OK
+
+  while (x.indexOf(".") !== -1) {
+    x = x
+      .replace(/^\.\//, "")
+      .replace(/\/\.\//, "/")
+      .replace(/[^\/]*\/\.\.\//, ""); // OK
+  }
+
+  x = x.replace(/([^.\s]+\.)+/, ""); // OK
+
+  x = x.replace(/<!\-\-DEVEL[\d\D]*?DEVEL\-\->/g, ""); // OK
+
+  x = x
+    .replace(/^\.\//, "")
+    .replace(/\/\.\//, "/")
+    .replace(/[^\/]*\/\.\.\//, ""); // NOT OK
+
+  return x;
+});
+
+(function (content) {
+	content.replace(/<script.*\/script>/gi, ""); // NOT OK
+	content.replace(/<(script).*\/script>/gi, ""); // NOT OK
+	content.replace(/.+<(script).*\/script>/gi, ""); // NOT OK
+	content.replace(/.*<(script).*\/script>/gi, ""); // NOT OK
+});
+
+(function (content) {
+  content = content.replace(/<script[\s\S]*?<\/script>/gi, ""); // NOT OK
+  content = content.replace(/<[a-zA-Z\/](.|\n)*?>/g, '') || ' '; // NOT OK
+  content = content.replace(/<(script|iframe|video)[\s\S]*?<\/(script|iframe|video)>/g, '') // NOT OK
+  content = content.replace(/<(script|iframe|video)(.|\s)*?\/(script|iframe|video)>/g, '') // NOT OK
+  content = content.replace(/<[^<]*>/g, ""); // OK
+
+  n.cloneNode(false).outerHTML.replace(/<\/?[\w:\-]+ ?|=[\"][^\"]+\"|=\'[^\']+\'|=[\w\-]+|>/gi, '').replace(/[\w:\-]+/gi, function(a) { // NOT OK
+    o.push({specified : 1, nodeName : a});
+  });
+
+  n.cloneNode(false).outerHTML.replace(/<\/?[\w:\-]+ ?|=[\"][^\"]+\"|=\'[^\']+\'|=[\w\-]+|>/gi, '').replace(/[\w:\-]+/gi, function(a) { // NOT OK
+    o.push({specified : 1, nodeName : a});
+  });  
+});
\ No newline at end of file
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst.js b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst.js
new file mode 100644
index 00000000000..dbd04664a52
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/XssThroughDom/IncompleteSanitization/tst.js
@@ -0,0 +1,330 @@
+let express = require('express');
+var app = express();
+
+function bad1(s) {
+  return s.replace("'", ""); // NOT OK
+}
+
+function bad2(s) {
+  return s.replace(/'/, ""); // NOT OK
+}
+
+function bad3(s) {
+  return s.replace(/'/g, "\\'"); // NOT OK
+}
+
+function bad4(s) {
+  return s.replace(/'/g, "\\$&"); // NOT OK
+}
+
+function bad5(s) {
+  return s.replace(/['"]/g, "\\$&"); // NOT OK
+}
+
+function bad6(s) {
+  return s.replace(/(['"])/g, "\\$1"); // NOT OK
+}
+
+function bad7(s) {
+  return s.replace(/('|")/g, "\\$1"); // NOT OK
+}
+
+function bad8(s) {
+  return s.replace('|', '');  // NOT OK
+}
+
+function bad9(s) {
+  return s.replace(/"/g, "\\\"");  // NOT OK
+}
+
+function bad10(s) {
+  return s.replace("/", "%2F"); // NOT OK
+}
+
+function bad11(s) {
+  return s.replace("%25", "%"); // NOT OK
+}
+
+function bad12(s) {
+  return s.replace(`'`, ""); // NOT OK
+}
+
+function bad13(s) {
+  return s.replace("'", ``); // NOT OK
+}
+
+function bad14(s) {
+  return s.replace(`'`, ``); // NOT OK
+}
+
+function bad15(s) {
+  return s.replace("'" + "", ""); // NOT OK
+}
+
+function bad16(s) {
+  return s.replace("'", "" + ""); // NOT OK
+}
+
+function bad17(s) {
+  return s.replace("'" + "", "" + ""); // NOT OK
+}
+
+function good1(s) {
+  while (s.indexOf("'") > 0)
+    s = s.replace("'", ""); // OK
+  return s;
+}
+
+function good2(s) {
+  while (s.indexOf("'") > 0)
+    s = s.replace(/'/, ""); // OK
+  return s;
+}
+
+function good3(s) {
+  return s.replace("@user", "id10t"); // OK
+}
+
+function good4(s) {
+  return s.replace(/#/g, "\\d+"); // OK
+}
+
+function good5(s) {
+  return s.replace(/\\/g, "\\\\").replace(/['"]/g, "\\$&"); // OK
+}
+
+function good6(s) {
+  return s.replace(/[\\]/g, '\\\\').replace(/[\"]/g, '\\"'); // OK
+}
+
+function good7(s) {
+  s = s.replace(/[\\]/g, '\\\\');
+  return s.replace(/[\"]/g, '\\"'); // OK
+}
+
+function good8(s) {
+  return s.replace(/\W/g, '\\$&'); // OK
+}
+
+function good9(s) {
+  return s.replace(/[^\w\s]/g, '\\$&'); // OK
+}
+
+function good10(s) {
+  s = JSON.stringify(s);  // NB: escapes backslashes
+  s = s.slice(1, -1);
+  s = s.replace(/\\"/g, '"');
+  s = s.replace(/'/g, "\\'"); // OK
+  return "'" + s + "'";
+}
+
+function flowifyComments(s) {
+  return s.replace(/#/g, '💩'); // OK
+}
+
+function good11(s) {
+  return s.replace("%d", "42");
+}
+
+function good12(s) {
+	s.replace('[', '').replace(']', ''); // OK
+	s.replace('(', '').replace(')', ''); // OK
+	s.replace('{', '').replace('}', ''); // OK
+	s.replace('<', '').replace('>', ''); // NOT OK: too common as a bad HTML sanitizer
+
+	s.replace('[', '\\[').replace(']', '\\]'); // NOT OK
+	s.replace('{', '\\{').replace('}', '\\}'); // NOT OK
+
+	s = s.replace('[', ''); // OK
+	s = s.replace(']', ''); // OK
+	s.replace(/{/, '').replace(/}/, ''); // NOT OK: should have used a string literal if a single replacement was intended
+	s.replace(']', '').replace('[', ''); // probably OK, but still flagged
+}
+
+function newlines(s) {
+	// motivation for whitelist
+	require("child_process").execSync("which emacs").toString().replace("\n", ""); // OK
+
+	x.replace("\n", "").replace(x, y); // NOT OK
+	x.replace(x, y).replace("\n", ""); // NOT OK
+}
+
+app.get('/some/path', function(req, res) {
+  let untrusted = req.param("p");
+
+  // the query doesn't currently check whether untrusted input flows into the
+  // sanitiser, but we add these calls anyway to make the tests more realistic
+
+  bad1(untrusted);
+  bad2(untrusted);
+  bad3(untrusted);
+  bad4(untrusted);
+  bad5(untrusted);
+  bad6(untrusted);
+  bad7(untrusted);
+  bad8(untrusted);
+  bad9(untrusted);
+  bad10(untrusted);
+  bad11(untrusted);
+  bad12(untrusted);
+  bad13(untrusted);
+  bad14(untrusted);
+  bad15(untrusted);
+  bad16(untrusted);
+  bad17(untrusted);
+
+  good1(untrusted);
+  good2(untrusted);
+  good3(untrusted);
+  good4(untrusted);
+  good5(untrusted);
+  good6(untrusted);
+  good7(untrusted);
+  good8(untrusted);
+  good9(untrusted);
+  good10(untrusted);
+  flowifyComments(untrusted);
+  good11(untrusted);
+  good12(untrusted);
+});
+
+(function (s) {
+	var indirect = /'/;
+	return s.replace(indirect, ""); // NOT OK
+});
+
+(function (s) {
+	s.replace('"', '').replace('"', ''); // OK
+	s.replace("'", "").replace("'", ""); // OK
+});
+
+function bad18(p) {
+  return p.replace("/../", ""); // NOT OK
+}
+
+function typicalBadHtmlSanitizers(s) {
+	s().replace(/[<>]/g,''); // NOT OK
+	s().replace(/[<>&]/g, ''); // NOT OK
+	s().replace(/[<>"]/g, ''); // NOT OK
+	s().replace(/</g, '').replace(/>/g, ''); // NOT OK
+	s().replace(/</g, '').replace(/>/g, '').replace(/&/g, ''); // NOT OK
+	s().replace(/</g, '').replace(/&/g, '').replace(/>/g, ''); // NOT OK
+	s().replace(/&/g, '').replace(/>/g, '').replace(/</g, ''); // NOT OK
+
+	var s = s().replace(/</g, '');
+	s = s.replace(/>/g, '');  // NOT OK
+	s().replace(/</g, '&lt;').replace(/>/g, '&gt').replace(/&/g, '&amp;').replace(/"/g, '&#34;'); // OK
+	s().replace(/</g, '&lt;').replace(/>/g, '&gt').replace(/&/g, '&amp;').replace(/'/g, '&#39;'); // OK - single quotes or double quotes both work
+
+	s().replace(/</g, '&lt;').replace(/>/g, '&gt').replace(RE, function(match) {/* ... */ }); // OK (probably)
+
+	s().replace(/[<>'"&]/g,''); // OK
+
+	s().replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/&(?![\w\#]+;)/g, '&amp;'); // OK
+
+	s().replace(!encode ? /&(?!#?\w+;)/g : /&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&apos;'); // OK (and not recognized due to the ternary)
+
+	s().replace(/[\\/:\*\?"<>\|]/g, ''); // OK
+
+	s().replace(/[<>]/g,'_'); // OK (but probably unsafe)
+
+	s().replace(/&/g, "&gt;"); // OK
+
+	s().replace(/[\#\%4\/\-\~\>8\_\@0\!\&3\[651d\=e7fA2D\(aFBb]/g, ""); // OK
+
+	s().replace(/[<>]/g,'').replace(/[^a-z]/g, ''); // OK
+
+	s().replace(/[<>]/g,'').replace(/[^abc]/g, ''); // OK
+
+	s().replace(/[<>]/g,'').replace(/[ -~]/g, ''); // OK
+}
+
+function incompleteHtmlAttributeSanitization() {
+	'="' + s().replace(/[<>]/g,'') + '"'; // NOT OK
+	'="' + s().replace(/[<>&]/g, '') + '"'; // NOT OK
+	'="' + s().replace(/[<>"]/g, '') + '"'; // OK (maybe, since the attribute name is unknown)
+	'="' + s().replace(/[<>&"]/g,'') + '"'; // OK
+	'="' + s().replace(/[&"]/g,'') + '"'; // OK
+
+	'="' + s().replace(/[<>&']/g,'') + '"'; // NOT OK
+	"='" + s().replace(/[<>&"]/g,'') + "'"; // NOT OK
+	"='" + s().replace(/[<>&']/g,'') + "'"; // OK
+
+	'onFunkyEvent="' + s().replace(/[<>"]/g, '') + '"'; // NOT OK
+	'<div noise onFunkyEvent="' + s().replace(/[<>"]/g, '') + '"'; // NOT OK
+	'<div noise monday="' + s().replace(/[<>"]/g, '') + '"'; // OK
+	'monday="' + s().replace(/[<>"]/g, '') + '"'; // OK
+}
+
+function multiStepSanitization() {
+	function escapeHTML(value) {
+		return value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+	}
+	function attr_str(a) {
+		return ' ' + a.name + '="' + escapeHTML(a.value).replace(/"/g, '&quot;') + '"'; // OK
+	}
+	result += '<' + tag(node) + [].map.call(x, attr_str).join('') + '>';
+}
+
+function moreIncompleteHtmlAttributeSanitization() {
+	'<a' + noise + 'onclick="javascript:document.foo.bar(\'' + s().replace(/[<>"]/g, '') + '\'); return false;">'; // NOT OK
+	'="' + s().replace(/[<>]/g,'').replace(/[^\w ]+/g, '') + '"'; // OK
+	'="' + encodeURIComponent(s().replace(/[<>]/g,'')) + '"'; // OK
+
+	var arr = s().val().trim().replace(/^,|,$/g , '').replace(/^;|;$/g , '').replace(/<|>/g , '');
+	'="' + arr.join(" ") + '"'; // NOT OK
+	var arr2 = s().val().trim().replace(/^,|,$/g , '').replace(/^;|;$/g , '').replace(/<|>/g , '')
+	arr2 = arr2.replace(/"/g,"");
+	'="' + arr2.join(" ") + '"'; // OK
+
+	var x;
+	x = x.replace(/&/g, '&amp;');
+	x = x.replace(/</g, '&lt;').replace(/>/g, '&gt;');
+	'onclick="' + x + '"'; // NOT OK - but not flagged since the `x` replace chain is extended below
+	x = x.replace(/"/g, '&quot;');
+	'onclick="' + x + '"'; // OK
+
+	var y;
+	if (escapeAmpersand) {
+		y = y.replace(/&/g, '&amp;');
+	}
+	y = y.replace(/</g, '&lt;').replace(/>/g, '&gt;');
+	'onclick="' + y + '"'; // NOT OK - but not flagged since the `x` replace chain is extended below
+	if (escapeQuotes) {
+		y = y.replace(/"/g, '&quot;');
+	}
+	'onclick="' + y + '"'; // OK
+}
+
+function incompleteHtmlAttributeSanitization2() {
+	'=\'' + s().replace(/[&<>]/g,'') + '\''; // NOT OK
+	'=\'' + s().replace(/[<>]/g,'') + '\''; // NOT OK
+	'=\'' + s().replace(/[&<>"]/g,'') + '\''; // NOT OK
+	'=\'' + s().replace(/[<>&]/g, '') + '\''; // NOT OK
+	'="' + s().replace(/[<>&"]/g,'') + '"'; // OK
+	'=\'' + s().replace(/[<>&']/g,'') + '\''; // OK
+}
+
+function incompleteComplexSanitizers() {
+	'=\'' + s().replace(/[&<>"]/gm, function (str) { // NOT OK
+		if (str === "&")
+			return "&amp;";
+		if (str === "<")
+			return "&lt;";
+		if (str === ">")
+			return "&gt;";
+		if (str === "\"")
+			return "&quot;";
+	}) + '\'';
+
+	'="' + s().replace(/[&<>"]/gm, function (str) { // OK
+		if (str === "&")
+			return "&amp;";
+		if (str === "<")
+			return "&lt;";
+		if (str === ">")
+			return "&gt;";
+		if (str === "\"")
+			return "&quot;";
+	}) + '"';
+}
\ No newline at end of file

From 938a7e828cd0a3fa791576cea4ab49671113277a Mon Sep 17 00:00:00 2001
From: Jean Helie <jhelie@github.com>
Date: Fri, 16 Dec 2022 15:31:43 +0100
Subject: [PATCH 54/93] update tests

---
 .../EndpointFeatures.expected                 | 14093 +++++++++++++---
 .../ExtractEndpointDataInference.expected     |    75 +-
 .../ExtractEndpointDataTraining.expected      |  5500 +++++-
 .../FilteredTruePositives.expected            |     8 +
 .../getALikelyExternalLibraryCall.expected    |   866 +-
 5 files changed, 17683 insertions(+), 2859 deletions(-)

diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.expected
index 7fb7c716ce0..a8dbf544fdd 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.expected
@@ -156,26 +156,496 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | enclosingFunctionBody | fn dbClient connect process env DB_URL err client db client db process env DB_NAME fn err |
 | autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | enclosingFunctionName | connect |
 | autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:17:10:19 | err | fileImports | mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:23:1:31 | 'express' | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:23:1:31 | 'express' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:23:1:31 | 'express' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:9:7:19 | '/post/:id' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:22:21:1 | functio ...   `);\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | CalleeFlexibleAccessPath | kit.graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | calleeImports | @octokit/core |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | enclosingFunctionBody | req res id req params id response kit graphql \n      query {\n        repository(owner: "github", name: " id ") {\n          object(expression: "master:foo") {\n            ... on Blob {\n              text\n            }\n          }\n        }\n      }\n     |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | receiverName | kit |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:9:25:20 | '/user/:id/' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:23:34:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | CalleeFlexibleAccessPath | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | CalleeFlexibleAccessPath | withCustomRequest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:41:29:47 | request | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | CalleeFlexibleAccessPath | myGraphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | CalleeFlexibleAccessPath | graphql.defaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:43:32:44 | {} | receiverName | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:29:36:46 | "@octokit/request" | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:29:36:46 | "@octokit/request" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:29:36:46 | "@octokit/request" | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:29:36:46 | "@octokit/request" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:29:36:46 | "@octokit/request" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:29:36:46 | "@octokit/request" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:9:38:23 | '/article/:id/' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:26:49:1 | async f ... OT OK\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:34:40:48 | "POST /graphql" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | InputAccessPathFromCallee | 1.headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | assignedToPropName | headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:41:16:43:7 | {\\n      ...       } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | InputAccessPathFromCallee | 1.headers.authorization |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | assignedToPropName | authorization |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:42:24:42:71 | "token  ... 000001" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | InputAccessPathFromCallee | 1.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | CalleeFlexibleAccessPath | request.defaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:43:47:44 | {} | receiverName | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:18:48:32 | "POST /graphql" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | InputAccessPathFromCallee | 1.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:9:54:21 | '/event/:id/' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:24:59:1 | async f ... OT OK\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | CalleeFlexibleAccessPath | kit2.graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | receiverName | kit2 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | CalleeFlexibleAccessPath | kit2.request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:40:58:54 | "POST /graphql" | receiverName | kit2 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | CalleeFlexibleAccessPath | kit2.request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | receiverName | kit2 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | CalleeFlexibleAccessPath | kit2.request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | InputAccessPathFromCallee | 1.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:26:66:1 | `\\n  typ ... g\\n  }\\n` | CalleeFlexibleAccessPath | buildSchema |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:26:66:1 | `\\n  typ ... g\\n  }\\n` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:26:66:1 | `\\n  typ ... g\\n  }\\n` | calleeImports | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:26:66:1 | `\\n  typ ... g\\n  }\\n` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:26:66:1 | `\\n  typ ... g\\n  }\\n` | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:26:66:1 | `\\n  typ ... g\\n  }\\n` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:9:73:20 | '/thing/:id' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:23:113:1 | async f ... \\n  })\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | CalleeFlexibleAccessPath | nativeGraphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | calleeImports | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:38:75:43 | schema | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | CalleeFlexibleAccessPath | nativeGraphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | calleeImports | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | CalleeFlexibleAccessPath | nativeGraphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | InputArgumentIndex | 2 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | calleeImports | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:67:75:70 | root | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:9:77:47 | "https: ... raphql" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | InputAccessPathFromCallee | 1.method |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | assignedToPropName | method |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:78:13:78:18 | "POST" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | InputAccessPathFromCallee | 1.headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | assignedToPropName | headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | InputAccessPathFromCallee | 1.headers.Content-Type |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | assignedToPropName | Content-Type |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:80:23:80:40 | "application/json" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | InputAccessPathFromCallee | 1.body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | assignedToPropName | body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:26:91:5 | {\\n      ... `\\n    } | receiverName | JSON |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | InputAccessPathFromCallee | 0.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:9:94:47 | "https: ... raphql" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | InputAccessPathFromCallee | 1.method |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | assignedToPropName | method |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:95:13:95:18 | "POST" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | InputAccessPathFromCallee | 1.headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | assignedToPropName | headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | InputAccessPathFromCallee | 1.headers.Content-Type |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | assignedToPropName | Content-Type |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:97:23:97:40 | "application/json" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | InputAccessPathFromCallee | 1.body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | assignedToPropName | body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:26:111:5 | {\\n      ... }\\n    } | receiverName | JSON |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | InputAccessPathFromCallee | 0.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:101:14:107:8 | `{\\n     ...      }` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | InputAccessPathFromCallee | 0.variables |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | assignedToPropName | variables |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:108:18:110:7 | {\\n      ...       } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | InputAccessPathFromCallee | 0.variables.id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | assignedToPropName | id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:24:115:40 | '@actions/github' | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:24:115:40 | '@actions/github' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:24:115:40 | '@actions/github' | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:24:115:40 | '@actions/github' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:24:115:40 | '@actions/github' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:24:115:40 | '@actions/github' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:9:116:21 | '/event/:id/' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:24:121:1 | async f ... OT OK\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | CalleeFlexibleAccessPath | github.getOctokit |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | calleeImports | @actions/github |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | enclosingFunctionBody | req res kit github getOctokit foo id req params id result kit graphql foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:35:117:39 | "foo" | receiverName | github |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | CalleeFlexibleAccessPath | kit.graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | calleeImports | @actions/github |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | enclosingFunctionBody | req res kit github getOctokit foo id req params id result kit graphql foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | receiverName | kit |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | CalleeFlexibleAccessPath | ajv.compile |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | calleeImports | ajv |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | contextFunctionInterfaces | validate(x) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:33:15:38 | schema | receiverName | ajv |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | CalleeFlexibleAccessPath | app.post |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | calleeImports | express |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | contextFunctionInterfaces | validate(x) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | contextSurroundingFunctionParameters |  |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:10:21:26 | '/documents/find' | receiverName | app |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | CalleeFlexibleAccessPath | app.post |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | InputArgumentIndex | 1 |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | calleeImports | express |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | contextFunctionInterfaces | validate(x) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:29:37:1 | (req, r ...   });\\n} | receiverName | app |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 |
@@ -184,7 +654,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:25:22:56 | 'mongod ... 7/test' | receiverName | MongoClient |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | CalleeFlexibleAccessPath | MongoClient.connect |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | InputArgumentIndex | 1 |
@@ -193,7 +663,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:22:59:36:5 | (err, d ... K\\n    } | receiverName | MongoClient |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | CalleeFlexibleAccessPath | db.collection |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | InputArgumentIndex | 0 |
@@ -201,20 +671,20 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:23:33:23:37 | 'doc' | receiverName | db |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | contextFunctionInterfaces | validate(x) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | CalleeFlexibleAccessPath | JSON.parse |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | contextFunctionInterfaces | validate(x) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:34:25:47 | req.query.data | receiverName | JSON |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | CalleeFlexibleAccessPath | checkSchema |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | InputArgumentIndex | 0 |
@@ -223,14 +693,14 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | contextFunctionInterfaces | validate(x) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | InputArgumentIndex | 0 |
@@ -238,7 +708,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | InputArgumentIndex | 0 |
@@ -246,7 +716,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | InputArgumentIndex | 0 |
@@ -254,8 +724,488 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | CalleeFlexibleAccessPath | Joi.object |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | calleeImports | joi |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:30:44:1 | {\\n    d ... red()\\n} | receiverName | Joi |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | CalleeFlexibleAccessPath | Joi.object |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | InputAccessPathFromCallee | 0.date |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | assignedToPropName | date |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | calleeImports | joi |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | CalleeFlexibleAccessPath | Joi.object |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | InputAccessPathFromCallee | 0.title |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | assignedToPropName | title |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | calleeImports | joi |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:9:44:14 | 'date' | CalleeFlexibleAccessPath | Joi.object().with |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:9:44:14 | 'date' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:9:44:14 | 'date' | calleeImports | joi |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:9:44:14 | 'date' | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:9:44:14 | 'date' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:9:44:14 | 'date' | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:17:44:23 | 'title' | CalleeFlexibleAccessPath | Joi.object().with |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:17:44:23 | 'title' | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:17:44:23 | 'title' | calleeImports | joi |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:17:44:23 | 'title' | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:17:44:23 | 'title' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:44:17:44:23 | 'title' | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | CalleeFlexibleAccessPath | app.post |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:10:46:28 | '/documents/insert' | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | CalleeFlexibleAccessPath | app.post |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:31:64:1 | (req, r ...   });\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | CalleeFlexibleAccessPath | MongoClient.connect |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | calleeImports | mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:25:47:56 | 'mongod ... 7/test' | receiverName | MongoClient |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | CalleeFlexibleAccessPath | MongoClient.connect |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | calleeImports | mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:59:63:5 | async ( ... }\\n    } | receiverName | MongoClient |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | CalleeFlexibleAccessPath | db.collection |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:33:48:37 | 'doc' | receiverName | db |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | CalleeFlexibleAccessPath | JSON.parse |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:34:50:47 | req.query.data | receiverName | JSON |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:22:1:27 | "http" | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:22:1:27 | "http" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:22:1:27 | "http" | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:22:1:27 | "http" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:22:1:27 | "http" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:22:1:27 | "http" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:21:2:25 | "url" | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:21:2:25 | "url" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:21:2:25 | "url" | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:21:2:25 | "url" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:21:2:25 | "url" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:21:2:25 | "url" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:22:3:29 | "ldapjs" | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:22:3:29 | "ldapjs" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:22:3:29 | "ldapjs" | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:22:3:29 | "ldapjs" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:22:3:29 | "ldapjs" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:22:3:29 | "ldapjs" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | CalleeFlexibleAccessPath | ldap.createClient |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:34:6:1 | {\\n  url ... 389",\\n} | receiverName | ldap |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | CalleeFlexibleAccessPath | ldap.createClient |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | InputAccessPathFromCallee | 0.url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | assignedToPropName | url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:5:8:5:30 | "ldap:/ ... 1:1389" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | CalleeFlexibleAccessPath | input.replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:14:11:18 | /\\*/g | receiverName | input |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | CalleeFlexibleAccessPath | input.replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:11:21:11:26 | "\\\\2a" | receiverName | input |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | CalleeFlexibleAccessPath | input.replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:14:12:18 | /\\(/g | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | CalleeFlexibleAccessPath | input.replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:12:21:12:26 | "\\\\28" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | CalleeFlexibleAccessPath | input.replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:14:13:18 | /\\)/g | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | CalleeFlexibleAccessPath | input.replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:13:21:13:26 | "\\\\29" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | CalleeFlexibleAccessPath | input.replace().replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:14:14:18 | /\\\\/g | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | CalleeFlexibleAccessPath | input.replace().replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:14:21:14:26 | "\\\\5c" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | CalleeFlexibleAccessPath | input.replace().replace().replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:14:15:18 | /\\0/g | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | CalleeFlexibleAccessPath | input.replace().replace().replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:15:21:15:26 | "\\\\00" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | CalleeFlexibleAccessPath | input.replace().replace().replace().replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:14:16:18 | /\\//g | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | CalleeFlexibleAccessPath | input.replace().replace().replace().replace().replace().replace |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | contextSurroundingFunctionParameters | (input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | enclosingFunctionBody | input input replace /\\*/g \\2a replace /\\(/g \\28 replace /\\)/g \\29 replace /\\\\/g \\5c replace /\\0/g \\00 replace /\\//g \\2f |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | enclosingFunctionName | sanitizeInput |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:16:21:16:26 | "\\\\2f" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | calleeImports | http |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:34:69:1 | (req, r ... OT OK\\n} | receiverName | http |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | calleeImports | url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:21:20:27 | req.url | receiverName | url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | calleeImports | url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:30:20:33 | true | receiverName | url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:17:28:27 | "o=example" | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | InputArgumentIndex | 2 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:37:28:58 | functio ... res) {} | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:31:5:31:15 | "o=example" | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | InputAccessPathFromCallee | 1.filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | assignedToPropName | filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | InputArgumentIndex | 2 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:33:5:33:26 | functio ... res) {} | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:38:5:38:15 | "o=example" | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | InputAccessPathFromCallee | 1.filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | assignedToPropName | filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | InputArgumentIndex | 2 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:44:5:44:26 | functio ... res) {} | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:17:61:27 | "o=example" | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | InputAccessPathFromCallee | 1.filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | assignedToPropName | filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:40:61:40 | f | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | InputArgumentIndex | 2 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:45:61:66 | functio ... res) {} | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | CalleeFlexibleAccessPath | ldap.parseFilter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | receiverName | ldap |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:17:66:27 | "o=example" | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | InputAccessPathFromCallee | 1.filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | assignedToPropName | filter |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:40:66:51 | parsedFilter | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | InputArgumentIndex | 2 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:56:66:77 | functio ... res) {} | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | CalleeFlexibleAccessPath | ldap.parseDN |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | receiverName | ldap |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | CalleeFlexibleAccessPath | ldap.parseDN |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | contextSurroundingFunctionParameters | (req, res)\n(err, dn) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:45:68:65 | functio ...  dn) {} | receiverName | ldap |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | CalleeFlexibleAccessPath | server.listen |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | calleeImports | http |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:15:71:17 | 389 | receiverName | server |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | CalleeFlexibleAccessPath | server.listen |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | calleeImports | http |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | contextSurroundingFunctionParameters | () |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:20:71:27 | () => {} | receiverName | server |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | CalleeFlexibleAccessPath | require |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:24:1:31 | "marsdb" | calleeImports |  |
@@ -309,16 +1259,16 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | contextSurroundingFunctionParameters |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | fileImports | ./marsdb-flow-from body-parser express |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:10:9:26 | "/documents/find" | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | fileImports | ./marsdb-flow-from body-parser express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ... ery);\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | CalleeFlexibleAccessPath | app.post |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | contextFunctionInterfaces |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | fileImports | ./marsdb-flow-from body-parser express |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:29:15:1 | (req, r ...  {});\\n} | receiverName | app |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | contextFunctionInterfaces |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | enclosingFunctionBody | req res query query title req body title db myDoc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | enclosingFunctionBody | req res query query title req body title db myDoc find query err data |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} | fileImports | ./marsdb-flow-from body-parser express |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | CalleeFlexibleAccessPath | db.myDoc.find |
@@ -326,9 +1276,17 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | calleeImports | ./marsdb-flow-from |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextFunctionInterfaces |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionBody | req res query query title req body title db myDoc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionBody | req res query query title req body title db myDoc find query err data |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | fileImports | ./marsdb-flow-from body-parser express |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | CalleeFlexibleAccessPath | db.myDoc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | calleeImports | ./marsdb-flow-from |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | contextFunctionInterfaces |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | contextSurroundingFunctionParameters | (req, res)\n(err, data) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | enclosingFunctionBody | req res query query title req body title db myDoc find query err data |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | fileImports | ./marsdb-flow-from body-parser express |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:25:1:33 | "express" | calleeImports |  |
@@ -376,16 +1334,16 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | contextSurroundingFunctionParameters |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | fileImports | body-parser express marsdb |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:10:11:26 | "/documents/find" | receiverName | app |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | CalleeFlexibleAccessPath | app.post |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | InputArgumentIndex | 1 |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | calleeImports | express |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | contextFunctionInterfaces |  |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | fileImports | body-parser express marsdb |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ... ery);\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | CalleeFlexibleAccessPath | app.post |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | contextFunctionInterfaces |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | fileImports | body-parser express marsdb |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:29:17:1 | (req, r ...  {});\\n} | receiverName | app |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | contextFunctionInterfaces |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | enclosingFunctionBody | req res query query title req body title doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | enclosingFunctionBody | req res query query title req body title doc find query err data |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} | fileImports | body-parser express marsdb |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | CalleeFlexibleAccessPath | doc.find |
@@ -393,10 +1351,19 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | calleeImports | marsdb |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextFunctionInterfaces |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionBody | req res query query title req body title doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionBody | req res query query title req body title doc find query err data |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | fileImports | body-parser express marsdb |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | calleeImports | marsdb |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | contextFunctionInterfaces |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | contextSurroundingFunctionParameters | (req, res)\n(err, data) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | enclosingFunctionBody | req res query query title req body title doc find query err data |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | fileImports | body-parser express marsdb |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | CalleeFlexibleAccessPath | require |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:25:1:33 | "express" | calleeImports |  |
@@ -2327,6 +3294,146 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | enclosingFunctionBody | req res v JSON parse req body x MyModel find id v MyModel find id req body id MyModel find id req body id |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` | fileImports | ./mongooseModel body-parser express |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:21:1:29 | "express" | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:21:1:29 | "express" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:21:1:29 | "express" | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:21:1:29 | "express" | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:21:1:29 | "express" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:21:1:29 | "express" | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:23:2:29 | 'mysql' | CalleeFlexibleAccessPath | require |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:23:2:29 | 'mysql' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:23:2:29 | 'mysql' | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:23:2:29 | 'mysql' | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:23:2:29 | 'mysql' | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:23:2:29 | 'mysql' | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | CalleeFlexibleAccessPath | mysql.createPool |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | calleeImports | mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() | receiverName | mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | contextSurroundingFunctionParameters |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:9:5:16 | "search" | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | calleeImports | express |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:19:22:1 | functio ...   });\\n} | receiverName | app |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | pool.getConnection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | calleeImports | mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:24:12:5 | functio ... ;\\n    } | receiverName | pool |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | InputAccessPathFromCallee | 0.sql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | assignedToPropName | sql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:9:18:9:59 | 'SELECT ... r` = ?' | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | InputAccessPathFromCallee | 0.values |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | assignedToPropName | values |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | contextSurroundingFunctionParameters | (req, res)\n(err, connection)\n(error, results, fields) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | pool.getConnection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | calleeImports | mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:24:17:5 | functio ... ;\\n    } | receiverName | pool |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | InputAccessPathFromCallee | 0.sql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | assignedToPropName | sql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | contextSurroundingFunctionParameters | (req, res)\n(err, connection)\n(error, results, fields) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | pool.getConnection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | calleeImports | mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:24:21:5 | functio ... ;\\n    } | receiverName | pool |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | contextSurroundingFunctionParameters | (req, res)\n(err, connection)\n(error, results, fields) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | receiverName | connection |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | CalleeFlexibleAccessPath | this.db.one |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | contextFunctionInterfaces | constructor()\nonRequest(req, res) |
@@ -2381,17 +3488,17 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | CalleeFlexibleAccessPath | db.any |
@@ -2399,7 +3506,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | receiverName | db |
@@ -2408,7 +3515,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | receiverName | db |
@@ -2417,7 +3524,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | receiverName | db |
@@ -2426,7 +3533,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | receiverName | db |
@@ -2435,7 +3542,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | receiverName | db |
@@ -2444,7 +3551,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | receiverName | db |
@@ -2453,7 +3560,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | receiverName | db |
@@ -2462,7 +3569,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | receiverName | db |
@@ -2471,7 +3578,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | receiverName | db |
@@ -2480,7 +3587,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | receiverName | db |
@@ -2489,7 +3596,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | receiverName | db |
@@ -2498,7 +3605,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | receiverName | db |
@@ -2509,7 +3616,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | CalleeFlexibleAccessPath | db.one |
@@ -2517,7 +3624,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | receiverName | db |
@@ -2528,7 +3635,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:25:11:25:44 | 'SELECT ... d = $1' | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | CalleeFlexibleAccessPath | db.one |
@@ -2538,7 +3645,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | CalleeFlexibleAccessPath | db.one |
@@ -2546,7 +3653,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | receiverName | db |
@@ -2557,7 +3664,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:29:11:29:48 | 'SELECT ... $1:raw' | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | CalleeFlexibleAccessPath | db.one |
@@ -2567,7 +3674,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | CalleeFlexibleAccessPath | db.one |
@@ -2575,7 +3682,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | receiverName | db |
@@ -2586,7 +3693,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:33:11:33:45 | 'SELECT ...  = $1^' | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | CalleeFlexibleAccessPath | db.one |
@@ -2596,7 +3703,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | CalleeFlexibleAccessPath | db.one |
@@ -2604,7 +3711,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | receiverName | db |
@@ -2615,7 +3722,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:37:11:37:79 | 'SELECT ... o = $3' | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | CalleeFlexibleAccessPath | db.one |
@@ -2625,22 +3732,22 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | CalleeFlexibleAccessPath | db.one |
@@ -2648,7 +3755,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | receiverName | db |
@@ -2659,7 +3766,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:45:11:45:70 | 'SELECT ... {name}' | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | CalleeFlexibleAccessPath | db.one |
@@ -2669,7 +3776,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:46:13:49:5 | {\\n      ... n\\n    } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | CalleeFlexibleAccessPath | db.one |
@@ -2679,7 +3786,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | CalleeFlexibleAccessPath | db.one |
@@ -2689,7 +3796,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | CalleeFlexibleAccessPath | db.one |
@@ -2697,7 +3804,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | receiverName | db |
@@ -2708,7 +3815,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:52:11:52:121 | "SELECT ... lue%\\"" | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | CalleeFlexibleAccessPath | db.one |
@@ -2718,7 +3825,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:53:13:57:5 | {\\n      ... e\\n    } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | CalleeFlexibleAccessPath | db.one |
@@ -2728,7 +3835,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | CalleeFlexibleAccessPath | db.one |
@@ -2738,7 +3845,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | CalleeFlexibleAccessPath | db.one |
@@ -2748,7 +3855,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | CalleeFlexibleAccessPath | db.task |
@@ -2756,7 +3863,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:59:11:61:3 | t => {\\n ...  OK\\n  } | receiverName | db |
@@ -2764,43 +3871,43 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | receiverName | t |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | CalleeFlexibleAccessPath | db.task |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | CalleeFlexibleAccessPath | db.taskIf |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:5:63:30 | { cnd:  ... uery) } | receiverName | db |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | CalleeFlexibleAccessPath | db.task |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | CalleeFlexibleAccessPath | db.taskIf |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | InputAccessPathFromCallee | 0.cnd |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | assignedToPropName | cnd |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:12:63:28 | t => t.one(query) | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | CalleeFlexibleAccessPath | t.one |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | receiverName | t |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | CalleeFlexibleAccessPath | db.task |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | CalleeFlexibleAccessPath | db.taskIf |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | InputArgumentIndex | 1 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:5:64:21 | t => t.one(query) | receiverName | db |
@@ -2808,7 +3915,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | InputArgumentIndex | 0 |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | receiverName | t |
@@ -3542,37 +4649,37 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | calleeImports |  |
 | autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:1:18:1:21 | 'fs' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | calleeImports |  |
 | autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:2:20:2:25 | 'http' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | calleeImports |  |
 | autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:3:19:3:23 | 'url' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | calleeImports |  |
 | autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:4:24:4:42 | 'sanitize-filename' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | calleeImports |  |
 | autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:5:26:5:31 | 'path' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:8:32:61:1 | functio ... h)));\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | InputArgumentIndex | 0 |
@@ -3581,7 +4688,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:9:24:9:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | InputArgumentIndex | 1 |
@@ -3590,7 +4697,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:9:33:9:36 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3598,7 +4705,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:12:13:12:33 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | InputArgumentIndex | 0 |
@@ -3607,7 +4714,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | InputArgumentIndex | 0 |
@@ -3615,7 +4722,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:15:13:15:49 | fs.read ... + path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | InputArgumentIndex | 0 |
@@ -3624,7 +4731,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | InputArgumentIndex | 0 |
@@ -3633,7 +4740,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:17:23:17:35 | "/home/user/" | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3641,7 +4748,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:18:17:18:37 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | InputArgumentIndex | 0 |
@@ -3650,7 +4757,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | CalleeFlexibleAccessPath | path.indexOf |
 | autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | InputArgumentIndex | 0 |
@@ -3659,7 +4766,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:20:20:20:27 | "secret" | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3667,7 +4774,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:21:17:21:37 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | InputArgumentIndex | 0 |
@@ -3676,7 +4783,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | CalleeFlexibleAccessPath | fs.existsSync |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | InputArgumentIndex | 0 |
@@ -3685,7 +4792,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3693,7 +4800,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:24:17:24:37 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | InputArgumentIndex | 0 |
@@ -3702,7 +4809,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3710,7 +4817,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:27:15:27:35 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | InputArgumentIndex | 0 |
@@ -3719,7 +4826,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3727,7 +4834,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:30:15:30:35 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | InputArgumentIndex | 0 |
@@ -3736,7 +4843,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -3744,7 +4851,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:33:15:33:35 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | InputArgumentIndex | 0 |
@@ -3753,20 +4860,20 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:35:10:35:23 | sanitize(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:36:13:36:33 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | InputArgumentIndex | 0 |
@@ -3775,7 +4882,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | InputArgumentIndex | 0 |
@@ -3784,7 +4891,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:38:20:38:26 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | InputArgumentIndex | 1 |
@@ -3793,7 +4900,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:38:29:38:32 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -3801,7 +4908,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:40:13:40:54 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | InputArgumentIndex | 0 |
@@ -3810,7 +4917,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | CalleeFlexibleAccessPath | pathModule.basename |
 | autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | InputArgumentIndex | 0 |
@@ -3819,7 +4926,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:40:49:40:52 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -3827,7 +4934,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:42:13:42:53 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | InputArgumentIndex | 0 |
@@ -3836,7 +4943,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | CalleeFlexibleAccessPath | pathModule.dirname |
 | autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | InputArgumentIndex | 0 |
@@ -3845,7 +4952,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:42:48:42:51 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -3853,7 +4960,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:44:13:44:53 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | InputArgumentIndex | 0 |
@@ -3862,7 +4969,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | CalleeFlexibleAccessPath | pathModule.extname |
 | autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | InputArgumentIndex | 0 |
@@ -3871,7 +4978,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:44:48:44:51 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -3879,7 +4986,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:46:13:46:50 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | InputArgumentIndex | 0 |
@@ -3888,7 +4995,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | InputArgumentIndex | 0 |
@@ -3897,7 +5004,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:46:45:46:48 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | InputArgumentIndex | 0 |
@@ -3905,7 +5012,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:13:48:59 | fs.read ... th, z)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | InputArgumentIndex | 0 |
@@ -3914,7 +5021,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | InputArgumentIndex | 0 |
@@ -3923,7 +5030,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:45:48:45 | x | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | InputArgumentIndex | 1 |
@@ -3932,7 +5039,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:48:48:48 | y | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | InputArgumentIndex | 2 |
@@ -3941,7 +5048,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:51:48:54 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | InputArgumentIndex | 3 |
@@ -3950,7 +5057,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:57:48:57 | z | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -3958,7 +5065,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:50:13:50:55 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | InputArgumentIndex | 0 |
@@ -3967,7 +5074,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | InputArgumentIndex | 0 |
@@ -3976,7 +5083,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:50:50:50:53 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | InputArgumentIndex | 0 |
@@ -3984,7 +5091,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:52:13:52:57 | fs.read ...  path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | InputArgumentIndex | 0 |
@@ -3993,7 +5100,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | InputArgumentIndex | 0 |
@@ -4002,7 +5109,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:52:49:52:49 | x | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | InputArgumentIndex | 1 |
@@ -4011,7 +5118,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:52:52:52:55 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | InputArgumentIndex | 0 |
@@ -4019,7 +5126,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:54:13:54:57 | fs.read ... th, x)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | InputArgumentIndex | 0 |
@@ -4028,7 +5135,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | InputArgumentIndex | 0 |
@@ -4037,7 +5144,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:54:49:54:52 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | InputArgumentIndex | 1 |
@@ -4046,7 +5153,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:54:55:54:55 | x | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -4054,7 +5161,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:56:13:56:53 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | InputArgumentIndex | 0 |
@@ -4063,7 +5170,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | InputArgumentIndex | 0 |
@@ -4072,7 +5179,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:56:48:56:51 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | InputArgumentIndex | 0 |
@@ -4080,7 +5187,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:13:58:62 | fs.read ... th, z)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | InputArgumentIndex | 0 |
@@ -4089,7 +5196,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | InputArgumentIndex | 0 |
@@ -4098,7 +5205,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:48:58:48 | x | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | InputArgumentIndex | 1 |
@@ -4107,7 +5214,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:51:58:51 | y | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | InputArgumentIndex | 2 |
@@ -4116,7 +5223,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:54:58:57 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | InputArgumentIndex | 3 |
@@ -4125,7 +5232,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:60:58:60 | z | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -4133,7 +5240,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:60:13:60:62 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | InputArgumentIndex | 0 |
@@ -4142,7 +5249,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | CalleeFlexibleAccessPath | pathModule.toNamespacedPath |
 | autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | InputArgumentIndex | 0 |
@@ -4151,54 +5258,54 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:60:57:60:60 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | CalleeFlexibleAccessPath | angular.module |
 | autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:63:16:63:22 | 'myApp' | receiverName | angular |
 | autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | CalleeFlexibleAccessPath | angular.module |
 | autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:63:25:63:26 | [] | receiverName | angular |
 | autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().directive |
 | autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:64:16:64:27 | 'myCustomer' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | CalleeFlexibleAccessPath | angular.module().directive |
 | autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:64:30:68:5 | functio ... }\\n    } | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().directive().directive |
 | autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:69:16:69:27 | 'myCustomer' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | CalleeFlexibleAccessPath | angular.module().directive().directive |
 | autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:69:30:73:5 | functio ... }\\n    } | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | CalleeFlexibleAccessPath | Cookie.get |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | enclosingFunctionBody | templateUrl Cookie get unsafe |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | enclosingFunctionName | directive#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:71:37:71:44 | "unsafe" | receiverName | Cookie |
 | autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:75:32:80:1 | functio ... OT OK\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | InputArgumentIndex | 0 |
@@ -4206,7 +5313,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:77:15:77:77 | fs.read ... .query) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | InputArgumentIndex | 0 |
@@ -4215,7 +5322,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | InputArgumentIndex | 0 |
@@ -4224,7 +5331,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:77:39:77:54 | "querystringify" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | CalleeFlexibleAccessPath | import(!).parse |
 | autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | calleeImports | querystringify |
@@ -4232,14 +5339,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:77:63:77:69 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:78:15:78:75 | fs.read ... .query) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | InputArgumentIndex | 0 |
@@ -4248,7 +5355,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | InputArgumentIndex | 0 |
@@ -4257,7 +5364,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:78:39:78:52 | "query-string" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | CalleeFlexibleAccessPath | import(!).parse |
 | autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | calleeImports | query-string |
@@ -4265,14 +5372,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:78:61:78:67 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:79:15:79:74 | fs.read ... .query) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | InputArgumentIndex | 0 |
@@ -4281,7 +5388,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | InputArgumentIndex | 0 |
@@ -4290,7 +5397,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:79:39:79:51 | "querystring" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | CalleeFlexibleAccessPath | import(!).parse |
 | autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | calleeImports | querystring |
@@ -4298,7 +5405,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:79:60:79:66 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | calleeImports |  |
@@ -4306,14 +5413,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:84:27:84:35 | 'express' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | CalleeFlexibleAccessPath | res.render |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | contextSurroundingFunctionParameters | ()\n(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | CalleeFlexibleAccessPath | application.get |
 | autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | InputArgumentIndex | 0 |
@@ -4322,7 +5429,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:88:21:88:30 | '/views/*' | receiverName | application |
 | autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | CalleeFlexibleAccessPath | application.get |
 | autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | InputArgumentIndex | 1 |
@@ -4331,7 +5438,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:88:33:88:43 | views_local | receiverName | application |
 | autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | InputArgumentIndex | 0 |
@@ -4340,7 +5447,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:90:34:90:42 | "./views" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | CalleeFlexibleAccessPath | application.get |
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | calleeImports | express |
@@ -4348,7 +5455,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:91:21:91:30 | '/views/*' | receiverName | application |
 | autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | CalleeFlexibleAccessPath | application.get |
 | autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | InputArgumentIndex | 1 |
@@ -4357,25 +5464,25 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:91:33:91:46 | views_imported | receiverName | application |
 | autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | CalleeFlexibleAccessPath | addEventListener |
 | autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:95:18:95:26 | 'message' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | CalleeFlexibleAccessPath | addEventListener |
 | autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | contextSurroundingFunctionParameters | (ev) |
-| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:95:29:97:1 | (ev) => ... ata);\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | CalleeFlexibleAccessPath | Cookie.set |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | contextSurroundingFunctionParameters | (ev) |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | enclosingFunctionBody | ev Cookie set unsafe ev data |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | enclosingFunctionName | addEventListener#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:96:14:96:21 | "unsafe" | receiverName | Cookie |
 | autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | CalleeFlexibleAccessPath | Cookie.set |
 | autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | InputArgumentIndex | 1 |
@@ -4383,14 +5490,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | contextSurroundingFunctionParameters | (ev) |
 | autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | enclosingFunctionBody | ev Cookie set unsafe ev data |
 | autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | enclosingFunctionName | addEventListener#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:96:24:96:30 | ev.data | receiverName | Cookie |
 | autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:99:32:109:1 | functio ...   );\\n\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | InputArgumentIndex | 0 |
@@ -4399,7 +5506,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:100:23:100:29 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | InputArgumentIndex | 1 |
@@ -4408,7 +5515,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:100:32:100:35 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | InputArgumentIndex | 0 |
@@ -4416,7 +5523,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:102:12:102:49 | fs.read ... (path)) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | InputArgumentIndex | 0 |
@@ -4425,7 +5532,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | CalleeFlexibleAccessPath | fs.realpathSync |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | InputArgumentIndex | 0 |
@@ -4434,7 +5541,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | CalleeFlexibleAccessPath | fs.realpath |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | InputArgumentIndex | 0 |
@@ -4443,7 +5550,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | CalleeFlexibleAccessPath | fs.realpath |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | InputArgumentIndex | 1 |
@@ -4452,7 +5559,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | InputArgumentIndex | 0 |
@@ -4460,7 +5567,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) |
 | autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:105:29:105:53 | fs.read ... alpath) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | InputArgumentIndex | 0 |
@@ -4469,14 +5576,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:111:32:120:1 | functio ... bove.\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | InputArgumentIndex | 0 |
@@ -4485,7 +5592,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:112:24:112:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | InputArgumentIndex | 1 |
@@ -4494,13 +5601,13 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:112:33:112:36 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | calleeImports | url |
@@ -4508,7 +5615,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:115:25:115:46 | /[\\]\\[* ... \\?\\/]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | InputArgumentIndex | 1 |
@@ -4517,13 +5624,13 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:115:49:115:50 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | calleeImports | url |
@@ -4531,7 +5638,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:116:25:116:31 | /\\.\\./g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | InputArgumentIndex | 1 |
@@ -4540,7 +5647,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:116:34:116:35 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -4548,7 +5655,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:119:13:119:33 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | InputArgumentIndex | 0 |
@@ -4557,14 +5664,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:122:32:133:1 | functio ... bove.\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | InputArgumentIndex | 0 |
@@ -4573,7 +5680,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:123:24:123:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | InputArgumentIndex | 1 |
@@ -4582,13 +5689,13 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:123:33:123:36 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | calleeImports | url |
@@ -4596,7 +5703,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:128:24:128:45 | /[\\]\\[* ... \\?\\/]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | InputArgumentIndex | 1 |
@@ -4605,13 +5712,13 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:128:48:128:49 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | calleeImports | url |
@@ -4619,7 +5726,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:129:25:129:31 | /\\.\\./g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | InputArgumentIndex | 1 |
@@ -4628,7 +5735,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:129:34:129:35 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -4636,7 +5743,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:132:13:132:33 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | InputArgumentIndex | 0 |
@@ -4645,14 +5752,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:135:32:139:1 | functio ... OT OK\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | InputArgumentIndex | 0 |
@@ -4661,7 +5768,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | enclosingFunctionBody | req res path url parse req url true query path require send req path |
 | autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:136:23:136:29 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | InputArgumentIndex | 1 |
@@ -4670,7 +5777,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | enclosingFunctionBody | req res path url parse req url true query path require send req path |
 | autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:136:32:136:35 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | InputArgumentIndex | 0 |
@@ -4679,7 +5786,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | enclosingFunctionBody | req res path url parse req url true query path require send req path |
 | autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:138:10:138:15 | 'send' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | calleeImports | send |
@@ -4687,7 +5794,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | enclosingFunctionBody | req res path url parse req url true query path require send req path |
 | autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:138:18:138:20 | req | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | calleeImports | send |
@@ -4695,13 +5802,13 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionBody | req res path url parse req url true query path require send req path |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:141:32:163:1 | functio ...  OK \\n\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | InputArgumentIndex | 0 |
@@ -4710,7 +5817,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:142:24:142:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | InputArgumentIndex | 1 |
@@ -4719,7 +5826,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:142:33:142:36 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | InputArgumentIndex | 0 |
@@ -4728,7 +5835,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | CalleeFlexibleAccessPath | path.split |
 | autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | InputArgumentIndex | 0 |
@@ -4737,7 +5844,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:146:26:146:28 | "/" | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | InputArgumentIndex | 0 |
@@ -4746,7 +5853,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | CalleeFlexibleAccessPath | split.join |
 | autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | InputArgumentIndex | 0 |
@@ -4755,7 +5862,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:148:30:148:32 | "/" | receiverName | split |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | InputArgumentIndex | 0 |
@@ -4764,7 +5871,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | InputArgumentIndex | 0 |
@@ -4773,7 +5880,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | InputArgumentIndex | 0 |
@@ -4782,7 +5889,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | CalleeFlexibleAccessPath | prefix.concat |
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | InputArgumentIndex | 0 |
@@ -4790,7 +5897,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | receiverName | prefix |
 | autogenerated/TaintedPath/TaintedPath.js:155:33:155:37 | split | stringConcatenatedWith | prefix -endpoint-  |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -4800,7 +5907,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | CalleeFlexibleAccessPath | concatted.join |
 | autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | InputArgumentIndex | 0 |
@@ -4808,7 +5915,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:156:34:156:36 | "/" | receiverName | concatted |
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | CalleeFlexibleAccessPath | split.concat |
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | InputArgumentIndex | 0 |
@@ -4817,7 +5924,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | receiverName | split |
 | autogenerated/TaintedPath/TaintedPath.js:158:33:158:38 | prefix | stringConcatenatedWith | split -endpoint-  |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -4827,7 +5934,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | CalleeFlexibleAccessPath | concatted2.join |
 | autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | InputArgumentIndex | 0 |
@@ -4836,7 +5943,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:159:35:159:37 | "/" | receiverName | concatted2 |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | InputArgumentIndex | 0 |
@@ -4845,14 +5952,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | calleeImports | http |
 | autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:165:32:196:1 | functio ... lute)\\n} | receiverName | http |
 | autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | InputArgumentIndex | 0 |
@@ -4861,7 +5968,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:166:24:166:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | InputArgumentIndex | 1 |
@@ -4870,7 +5977,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:166:33:166:36 | true | receiverName | url |
 | autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -4878,7 +5985,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:169:13:169:69 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -4887,7 +5994,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | InputArgumentIndex | 0 |
@@ -4896,7 +6003,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:169:42:169:63 | /[\\]\\[* ... \\?\\/]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | InputArgumentIndex | 1 |
@@ -4905,7 +6012,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:169:66:169:67 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -4913,7 +6020,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:170:13:170:56 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -4922,7 +6029,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | InputArgumentIndex | 0 |
@@ -4931,7 +6038,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:170:42:170:50 | /[abcd]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | InputArgumentIndex | 1 |
@@ -4940,7 +6047,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:170:53:170:54 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -4948,7 +6055,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:171:13:171:54 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -4957,7 +6064,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | InputArgumentIndex | 0 |
@@ -4966,7 +6073,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:171:42:171:48 | /[./]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | InputArgumentIndex | 1 |
@@ -4975,7 +6082,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:171:51:171:52 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -4983,7 +6090,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:172:13:172:65 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -4992,7 +6099,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | InputArgumentIndex | 0 |
@@ -5001,7 +6108,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:172:42:172:59 | /[foobar/foobar]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | InputArgumentIndex | 1 |
@@ -5010,7 +6117,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:172:62:172:63 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5018,7 +6125,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:173:13:173:52 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5027,7 +6134,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | InputArgumentIndex | 0 |
@@ -5036,7 +6143,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:173:42:173:46 | /\\//g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | InputArgumentIndex | 1 |
@@ -5045,7 +6152,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:173:49:173:50 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5053,7 +6160,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:174:13:174:55 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5062,7 +6169,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | InputArgumentIndex | 0 |
@@ -5071,7 +6178,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:174:42:174:49 | /\\.\|\\//g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | InputArgumentIndex | 1 |
@@ -5080,7 +6187,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:174:52:174:53 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5088,7 +6195,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:176:13:176:53 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5097,7 +6204,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | InputArgumentIndex | 0 |
@@ -5106,7 +6213,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:176:42:176:47 | /[.]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | InputArgumentIndex | 1 |
@@ -5115,7 +6222,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:176:50:176:51 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5123,7 +6230,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:177:13:177:54 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5132,7 +6239,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | InputArgumentIndex | 0 |
@@ -5141,7 +6248,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:177:42:177:48 | /[..]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | InputArgumentIndex | 1 |
@@ -5150,7 +6257,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:177:51:177:52 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5158,7 +6265,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:178:13:178:52 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5167,7 +6274,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | InputArgumentIndex | 0 |
@@ -5176,7 +6283,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:178:42:178:46 | /\\./g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | InputArgumentIndex | 1 |
@@ -5185,7 +6292,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:178:49:178:50 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5193,7 +6300,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:179:13:179:58 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5202,7 +6309,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | InputArgumentIndex | 0 |
@@ -5211,7 +6318,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:179:42:179:52 | /\\.\\.\|BLA/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | InputArgumentIndex | 1 |
@@ -5220,7 +6327,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:179:55:179:56 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5228,7 +6335,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:182:15:182:55 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5237,7 +6344,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | InputArgumentIndex | 0 |
@@ -5246,7 +6353,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:182:44:182:49 | /[.]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | InputArgumentIndex | 1 |
@@ -5255,7 +6362,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:182:52:182:53 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5263,7 +6370,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:183:14:183:55 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5272,7 +6379,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | InputArgumentIndex | 0 |
@@ -5281,7 +6388,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:183:43:183:49 | /[..]/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | InputArgumentIndex | 1 |
@@ -5290,7 +6397,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:183:52:183:53 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5298,7 +6405,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:184:15:184:54 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5307,7 +6414,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | InputArgumentIndex | 0 |
@@ -5316,7 +6423,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:184:44:184:48 | /\\./g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | InputArgumentIndex | 1 |
@@ -5325,7 +6432,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:184:51:184:52 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | InputArgumentIndex | 0 |
@@ -5333,7 +6440,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:185:14:185:59 | fs.read ... g, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | InputArgumentIndex | 0 |
@@ -5342,7 +6449,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | InputArgumentIndex | 0 |
@@ -5351,7 +6458,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:185:43:185:53 | /\\.\\.\|BLA/g | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | InputArgumentIndex | 1 |
@@ -5360,7 +6467,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:185:56:185:57 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | InputArgumentIndex | 0 |
@@ -5368,7 +6475,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:189:13:189:96 | fs.read ... /, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | InputArgumentIndex | 0 |
@@ -5377,7 +6484,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | InputArgumentIndex | 0 |
@@ -5386,7 +6493,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:189:61:189:64 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | InputArgumentIndex | 0 |
@@ -5395,7 +6502,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:189:75:189:90 | /^(\\.\\.[\\/\\\\])+/ | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | calleeImports | path |
@@ -5403,14 +6510,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:189:93:189:94 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:190:13:190:95 | fs.read ... /, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | InputArgumentIndex | 0 |
@@ -5419,7 +6526,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | InputArgumentIndex | 0 |
@@ -5428,7 +6535,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:190:61:190:64 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | InputArgumentIndex | 0 |
@@ -5437,7 +6544,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:190:75:190:89 | /(\\.\\.[\\/\\\\])+/ | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | calleeImports | path |
@@ -5445,14 +6552,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:190:92:190:93 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:191:13:191:91 | fs.read ... /, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | InputArgumentIndex | 0 |
@@ -5461,7 +6568,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | InputArgumentIndex | 0 |
@@ -5470,7 +6577,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:191:61:191:64 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | InputArgumentIndex | 0 |
@@ -5479,7 +6586,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:191:75:191:85 | /(\\.\\.\\/)+/ | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | calleeImports | path |
@@ -5487,14 +6594,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:191:88:191:89 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:192:13:192:91 | fs.read ... /, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | InputArgumentIndex | 0 |
@@ -5503,7 +6610,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | InputArgumentIndex | 0 |
@@ -5512,7 +6619,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:192:61:192:64 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | InputArgumentIndex | 0 |
@@ -5521,7 +6628,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:192:75:192:85 | /(\\.\\.\\/)*/ | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | calleeImports | path |
@@ -5529,14 +6636,14 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:192:88:192:89 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | contextFunctionInterfaces | views_local(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:194:13:194:74 | fs.read ... /, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | InputArgumentIndex | 0 |
@@ -5545,7 +6652,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | InputArgumentIndex | 0 |
@@ -5554,7 +6661,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:194:53:194:68 | /^(\\.\\.[\\/\\\\])+/ | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | InputArgumentIndex | 1 |
@@ -5563,7 +6670,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:194:71:194:72 | '' | receiverName | path |
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | InputArgumentIndex | 0 |
@@ -5571,7 +6678,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | InputArgumentIndex | 0 |
@@ -5580,7 +6687,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | InputArgumentIndex | 0 |
@@ -5589,7 +6696,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:195:50:195:53 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | InputArgumentIndex | 0 |
@@ -5598,7 +6705,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:195:64:195:79 | /^(\\.\\.[\\/\\\\])+/ | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | calleeImports | path |
@@ -5606,7 +6713,639 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:195:82:195:83 | '' | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | calleeImports | http |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:200:32:207:1 | functio ... OT OK\\n} | receiverName | http |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | calleeImports |  |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:202:22:202:25 | "qs" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | CalleeFlexibleAccessPath | res.write |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) | receiverName | res |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | calleeImports | fs |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | receiverName | fs |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | CalleeFlexibleAccessPath | qs.parse |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | calleeImports | qs |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:203:38:203:44 | req.url | receiverName | qs |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | CalleeFlexibleAccessPath | res.write |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) | receiverName | res |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | calleeImports | fs |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | receiverName | fs |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | CalleeFlexibleAccessPath | qs.parse |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | calleeImports | qs |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) | receiverName | qs |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | CalleeFlexibleAccessPath | normalizeUrl |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | calleeImports | normalize-url |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:204:51:204:57 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | calleeImports |  |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:205:27:205:35 | "parseqs" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | CalleeFlexibleAccessPath | res.write |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) | receiverName | res |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | calleeImports | fs |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | receiverName | fs |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | CalleeFlexibleAccessPath | parseqs.decode |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | calleeImports | parseqs |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | receiverName | parseqs |
+| autogenerated/TaintedPath/TaintedPath.js:209:20:209:34 | "child_process" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/TaintedPath.js:209:20:209:34 | "child_process" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:209:20:209:34 | "child_process" | calleeImports |  |
+| autogenerated/TaintedPath/TaintedPath.js:209:20:209:34 | "child_process" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:209:20:209:34 | "child_process" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/TaintedPath.js:209:20:209:34 | "child_process" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | calleeImports | http |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:210:32:215:1 | functio ... OT OK\\n} | receiverName | http |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | calleeImports | url |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:211:24:211:30 | req.url | receiverName | url |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | calleeImports | url |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:211:33:211:36 | true | receiverName | url |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | CalleeFlexibleAccessPath | cp.execSync |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:212:15:212:22 | "foobar" | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | CalleeFlexibleAccessPath | cp.execSync |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:212:25:212:35 | {cwd: path} | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | CalleeFlexibleAccessPath | cp.execSync |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | InputAccessPathFromCallee | 1.cwd |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:213:19:213:26 | "foobar" | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:213:29:213:36 | ["args"] | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:213:30:213:35 | "args" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:30:213:35 | "args" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:30:213:35 | "args" | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:213:30:213:35 | "args" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:213:30:213:35 | "args" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | InputArgumentIndex | 2 |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:213:39:213:49 | {cwd: path} | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | InputAccessPathFromCallee | 2.cwd |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | InputArgumentIndex | 2 |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:214:19:214:26 | "foobar" | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:214:29:214:39 | {cwd: path} | receiverName | cp |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | InputAccessPathFromCallee | 1.cwd |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/express.js:1:23:1:31 | "express" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/express.js:1:23:1:31 | "express" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/express.js:1:23:1:31 | "express" | calleeImports |  |
+| autogenerated/TaintedPath/express.js:1:23:1:31 | "express" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:1:23:1:31 | "express" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/express.js:1:23:1:31 | "express" | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/express.js:2:24:2:43 | "express-fileupload" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/express.js:2:24:2:43 | "express-fileupload" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/express.js:2:24:2:43 | "express-fileupload" | calleeImports |  |
+| autogenerated/TaintedPath/express.js:2:24:2:43 | "express-fileupload" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:2:24:2:43 | "express-fileupload" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/express.js:2:24:2:43 | "express-fileupload" | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | CalleeFlexibleAccessPath | app.use |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | calleeImports | express |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() | receiverName | app |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | calleeImports | express |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/express.js:7:9:7:20 | "/some/path" | receiverName | app |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | calleeImports | express |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/express.js:7:23:9:1 | functio ... bar);\\n} | receiverName | app |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | CalleeFlexibleAccessPath | req.files.foo.mv |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | enclosingFunctionBody | req res req files foo mv req query bar |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/handlebars.js:1:25:1:33 | 'express' | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/handlebars.js:1:25:1:33 | 'express' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:1:25:1:33 | 'express' | calleeImports |  |
+| autogenerated/TaintedPath/handlebars.js:1:25:1:33 | 'express' | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:1:25:1:33 | 'express' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:1:25:1:33 | 'express' | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:2:20:2:31 | "handlebars" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/handlebars.js:2:20:2:31 | "handlebars" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:2:20:2:31 | "handlebars" | calleeImports |  |
+| autogenerated/TaintedPath/handlebars.js:2:20:2:31 | "handlebars" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:2:20:2:31 | "handlebars" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:2:20:2:31 | "handlebars" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:3:20:3:23 | "fs" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/handlebars.js:3:20:3:23 | "fs" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:3:20:3:23 | "fs" | calleeImports |  |
+| autogenerated/TaintedPath/handlebars.js:3:20:3:23 | "fs" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:3:20:3:23 | "fs" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:3:20:3:23 | "fs" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | CalleeFlexibleAccessPath | hb.registerHelper |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:10:23:10:31 | "catFile" | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | CalleeFlexibleAccessPath | hb.registerHelper |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | contextSurroundingFunctionParameters | ()\n(filePath) |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:10:34:12:5 | functio ... )\\n    } | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | contextSurroundingFunctionParameters | ()\n(filePath) |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | receiverName | fs |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | CalleeFlexibleAccessPath | hb.registerHelper |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:13:23:13:38 | "prependToLines" | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | hb.registerHelper |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | ()\n(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:13:41:19:5 | functio ... ;\\n    } | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | contextSurroundingFunctionParameters | ()\n(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | receiverName | fs |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | CalleeFlexibleAccessPath | fs.readFileSync().split |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | contextSurroundingFunctionParameters | ()\n(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:16:18:16:21 | "\\n" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | CalleeFlexibleAccessPath | fs.readFileSync().split().map |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | contextSurroundingFunctionParameters | ()\n(prefix, filePath)\n(line) |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:17:16:17:38 | (line)  ...  + line | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | CalleeFlexibleAccessPath | fs.readFileSync().split().map().join |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | contextSurroundingFunctionParameters | ()\n(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:18:17:18:20 | "\\n" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | CalleeFlexibleAccessPath | hb.compile |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:20:42:20:90 | "conten ... path}}" | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | CalleeFlexibleAccessPath | hb.compile |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:21:38:21:54 | "hello, {{name}}" | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | CalleeFlexibleAccessPath | hb.compile |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:22:55:22:73 | "greeting.template" | receiverName | fs |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | CalleeFlexibleAccessPath | hb.compile |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | calleeImports | handlebars |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | contextSurroundingFunctionParameters | () |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:23:37:23:110 | "helper ... path}}" | receiverName | hb |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:28:9:28:21 | '/some/path1' | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:28:24:30:1 | functio ... File)\\n} | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | CalleeFlexibleAccessPath | res.send |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | enclosingFunctionBody | req res res send data compiledFileAccess path req params path |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) | receiverName | res |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | CalleeFlexibleAccessPath | data.compiledFileAccess |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | enclosingFunctionBody | req res res send data compiledFileAccess path req params path |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } | receiverName | data |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | CalleeFlexibleAccessPath | data.compiledFileAccess |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | InputAccessPathFromCallee | 0.path |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | assignedToPropName | path |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | enclosingFunctionBody | req res res send data compiledFileAccess path req params path |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:32:9:32:21 | '/some/path2' | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:32:24:34:1 | functio ... File)\\n} | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | CalleeFlexibleAccessPath | res.send |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | enclosingFunctionBody | req res res send data compiledBenign name req params name |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) | receiverName | res |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | CalleeFlexibleAccessPath | data.compiledBenign |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | enclosingFunctionBody | req res res send data compiledBenign name req params name |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } | receiverName | data |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | CalleeFlexibleAccessPath | data.compiledBenign |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | InputAccessPathFromCallee | 0.name |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | assignedToPropName | name |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | enclosingFunctionBody | req res res send data compiledBenign name req params name |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:36:9:36:21 | '/some/path3' | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:36:24:38:1 | functio ... s ok)\\n} | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | CalleeFlexibleAccessPath | res.send |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | enclosingFunctionBody | req res res send data compiledUnknown name req params name |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) | receiverName | res |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | CalleeFlexibleAccessPath | data.compiledUnknown |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | enclosingFunctionBody | req res res send data compiledUnknown name req params name |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } | receiverName | data |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | CalleeFlexibleAccessPath | data.compiledUnknown |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | InputAccessPathFromCallee | 0.name |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | assignedToPropName | name |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | enclosingFunctionBody | req res res send data compiledUnknown name req params name |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:40:9:40:21 | '/some/path4' | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:40:24:45:1 | functio ...  }));\\n} | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | CalleeFlexibleAccessPath | res.send |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | enclosingFunctionBody | req res res send data compiledMixed prefix >>>  path req params path |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) | receiverName | res |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | CalleeFlexibleAccessPath | data.compiledMixed |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | enclosingFunctionBody | req res res send data compiledMixed prefix >>>  path req params path |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } | receiverName | data |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | CalleeFlexibleAccessPath | data.compiledMixed |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | InputAccessPathFromCallee | 0.prefix |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | assignedToPropName | prefix |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | enclosingFunctionBody | req res res send data compiledMixed prefix >>>  path req params path |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:42:17:42:22 | ">>> " | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | CalleeFlexibleAccessPath | data.compiledMixed |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | InputAccessPathFromCallee | 0.path |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | assignedToPropName | path |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | enclosingFunctionBody | req res res send data compiledMixed prefix >>>  path req params path |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:47:9:47:21 | '/some/path5' | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | calleeImports | express |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:47:24:52:1 | functio ...  }));\\n} | receiverName | app |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | CalleeFlexibleAccessPath | res.send |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | enclosingFunctionBody | req res res send data compiledMixed prefix req params prefix path data/path-5.txt |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) | receiverName | res |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | CalleeFlexibleAccessPath | data.compiledMixed |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | enclosingFunctionBody | req res res send data compiledMixed prefix req params prefix path data/path-5.txt |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } | receiverName | data |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | CalleeFlexibleAccessPath | data.compiledMixed |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | InputAccessPathFromCallee | 0.prefix |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | assignedToPropName | prefix |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | enclosingFunctionBody | req res res send data compiledMixed prefix req params prefix path data/path-5.txt |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | CalleeFlexibleAccessPath | data.compiledMixed |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | InputAccessPathFromCallee | 0.path |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | assignedToPropName | path |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | enclosingFunctionBody | req res res send data compiledMixed prefix req params prefix path data/path-5.txt |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/handlebars.js:50:15:50:31 | "data/path-5.txt" | fileImports | express fs handlebars |
 | autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/my-async-fs-module.js:1:20:1:23 | 'fs' | calleeImports |  |
@@ -5660,44 +7399,44 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:1:18:1:21 | 'fs' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:2:23:2:31 | 'express' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:3:19:3:23 | 'url' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:4:24:4:42 | 'sanitize-filename' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:5:26:5:31 | 'path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:10:9:10:16 | '/basic' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:10:19:18:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | InputArgumentIndex | 0 |
@@ -5706,7 +7445,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | InputArgumentIndex | 0 |
@@ -5715,7 +7454,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | InputArgumentIndex | 0 |
@@ -5724,7 +7463,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | InputArgumentIndex | 0 |
@@ -5733,7 +7472,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | InputArgumentIndex | 0 |
@@ -5742,7 +7481,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:16:35:16:38 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | InputArgumentIndex | 1 |
@@ -5751,7 +7490,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:16:41:16:52 | 'index.html' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | InputArgumentIndex | 0 |
@@ -5760,7 +7499,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -5769,7 +7508,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:17:35:17:50 | '/home/user/www' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | InputArgumentIndex | 1 |
@@ -5778,27 +7517,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:17:53:17:56 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:20:9:20:20 | '/normalize' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:20:23:28:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | calleeImports | path |
@@ -5806,7 +7545,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:21:35:21:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | InputArgumentIndex | 0 |
@@ -5815,7 +7554,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | InputArgumentIndex | 0 |
@@ -5824,7 +7563,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | InputArgumentIndex | 0 |
@@ -5833,7 +7572,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | InputArgumentIndex | 0 |
@@ -5842,7 +7581,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | InputArgumentIndex | 0 |
@@ -5851,7 +7590,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:26:35:26:38 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | InputArgumentIndex | 1 |
@@ -5860,7 +7599,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:26:41:26:52 | 'index.html' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | InputArgumentIndex | 0 |
@@ -5869,7 +7608,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -5878,7 +7617,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:27:35:27:50 | '/home/user/www' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | InputArgumentIndex | 1 |
@@ -5887,27 +7626,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:27:53:27:56 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:30:9:30:32 | '/norma ... solute' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:30:35:51:1 | (req, r ... // OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | calleeImports | path |
@@ -5915,7 +7654,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:31:35:31:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | InputArgumentIndex | 0 |
@@ -5924,7 +7663,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | InputArgumentIndex | 0 |
@@ -5933,7 +7672,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:38:24:38:26 | "." | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | InputArgumentIndex | 0 |
@@ -5942,7 +7681,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | InputArgumentIndex | 0 |
@@ -5951,7 +7690,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | InputArgumentIndex | 0 |
@@ -5960,7 +7699,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:43:24:43:27 | ".." | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | InputArgumentIndex | 0 |
@@ -5969,7 +7708,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | InputArgumentIndex | 0 |
@@ -5978,7 +7717,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:46:24:46:28 | "../" | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | InputArgumentIndex | 0 |
@@ -5987,7 +7726,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | InputArgumentIndex | 0 |
@@ -5996,7 +7735,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | InputArgumentIndex | 0 |
@@ -6005,27 +7744,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:53:9:53:36 | '/norma ... DotDot' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:53:39:69:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | calleeImports | path |
@@ -6033,7 +7772,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:54:35:54:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | InputArgumentIndex | 0 |
@@ -6042,7 +7781,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:56:23:56:26 | ".." | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | InputArgumentIndex | 0 |
@@ -6051,7 +7790,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | InputArgumentIndex | 0 |
@@ -6060,7 +7799,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | InputArgumentIndex | 0 |
@@ -6069,7 +7808,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | InputArgumentIndex | 0 |
@@ -6078,7 +7817,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | InputArgumentIndex | 0 |
@@ -6087,27 +7826,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:71:9:71:28 | '/prepend-normalize' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:71:31:79:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | calleeImports | path |
@@ -6115,7 +7854,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:73:35:73:55 | './' +  ... ry.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | InputArgumentIndex | 0 |
@@ -6124,7 +7863,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:75:24:75:27 | ".." | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | InputArgumentIndex | 0 |
@@ -6133,7 +7872,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | InputArgumentIndex | 0 |
@@ -6142,21 +7881,21 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:81:9:81:19 | '/absolute' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:81:22:91:1 | (req, r ... '../'\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -6164,7 +7903,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:87:13:87:33 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | InputArgumentIndex | 0 |
@@ -6173,7 +7912,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -6181,7 +7920,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:89:23:89:38 | '/home/user/www' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -6189,7 +7928,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:90:15:90:35 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | InputArgumentIndex | 0 |
@@ -6198,27 +7937,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:93:9:93:30 | '/norma ... solute' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:93:33:103:1 | (req, r ... // OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | calleeImports | path |
@@ -6226,7 +7965,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:94:35:94:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -6234,7 +7973,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:99:13:99:33 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | InputArgumentIndex | 0 |
@@ -6243,7 +7982,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -6252,7 +7991,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:101:23:101:38 | '/home/user/www' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | CalleeFlexibleAccessPath | res.write |
 | autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | InputArgumentIndex | 0 |
@@ -6260,7 +7999,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:102:15:102:35 | fs.read ... c(path) | receiverName | res |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | InputArgumentIndex | 0 |
@@ -6269,27 +8008,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:105:9:105:25 | '/combined-check' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:105:28:114:1 | (req, r ... // OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:106:14:106:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | calleeImports | path |
@@ -6297,7 +8036,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:106:35:106:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | InputArgumentIndex | 0 |
@@ -6306,7 +8045,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:109:23:109:38 | "/home/user/www" | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | InputArgumentIndex | 0 |
@@ -6315,7 +8054,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | InputArgumentIndex | 0 |
@@ -6324,27 +8063,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:116:9:116:19 | '/realpath' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:116:22:127:1 | (req, r ... // OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | CalleeFlexibleAccessPath | fs.realpathSync |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | calleeImports | fs |
@@ -6352,7 +8091,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | InputArgumentIndex | 0 |
@@ -6361,7 +8100,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | InputArgumentIndex | 0 |
@@ -6370,7 +8109,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | InputArgumentIndex | 0 |
@@ -6379,7 +8118,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:120:35:120:38 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | InputArgumentIndex | 1 |
@@ -6388,7 +8127,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:120:41:120:52 | 'index.html' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | InputArgumentIndex | 0 |
@@ -6397,7 +8136,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:122:23:122:38 | "/home/user/www" | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | InputArgumentIndex | 0 |
@@ -6406,7 +8145,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | InputArgumentIndex | 0 |
@@ -6415,7 +8154,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | InputArgumentIndex | 0 |
@@ -6424,7 +8163,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:125:35:125:37 | '.' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | InputArgumentIndex | 1 |
@@ -6433,7 +8172,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:125:40:125:43 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | InputArgumentIndex | 0 |
@@ -6442,7 +8181,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -6451,7 +8190,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:126:35:126:50 | '/home/user/www' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | InputArgumentIndex | 1 |
@@ -6460,27 +8199,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:126:53:126:56 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:129:9:129:26 | '/coerce-relative' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:129:29:136:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | calleeImports | path |
@@ -6488,7 +8227,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:130:30:130:32 | '.' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | InputArgumentIndex | 1 |
@@ -6497,7 +8236,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:130:35:130:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | InputArgumentIndex | 0 |
@@ -6506,7 +8245,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:132:24:132:27 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | InputArgumentIndex | 0 |
@@ -6515,7 +8254,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | InputArgumentIndex | 0 |
@@ -6524,27 +8263,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:138:9:138:26 | '/coerce-absolute' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:138:29:145:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | calleeImports | path |
@@ -6552,7 +8291,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:139:30:139:45 | '/home/user/www' | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | InputArgumentIndex | 1 |
@@ -6561,7 +8300,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:139:48:139:61 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -6570,7 +8309,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:141:23:141:38 | '/home/user/www' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | InputArgumentIndex | 0 |
@@ -6579,7 +8318,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | InputArgumentIndex | 0 |
@@ -6588,27 +8327,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:147:9:147:37 | '/conca ... zation' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:147:40:157:1 | (req, r ... // OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:148:14:148:58 | 'foo/'  ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | calleeImports | path |
@@ -6616,7 +8355,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:148:44:148:57 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | InputArgumentIndex | 0 |
@@ -6625,7 +8364,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:150:24:150:27 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | InputArgumentIndex | 0 |
@@ -6634,7 +8373,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | InputArgumentIndex | 0 |
@@ -6643,7 +8382,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | CalleeFlexibleAccessPath | path.includes |
 | autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | InputArgumentIndex | 0 |
@@ -6652,7 +8391,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:155:22:155:25 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | InputArgumentIndex | 0 |
@@ -6661,27 +8400,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:159:9:159:19 | '/noDotDot' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:159:22:171:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | calleeImports | path |
@@ -6689,7 +8428,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:160:35:160:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | CalleeFlexibleAccessPath | path.includes |
 | autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | InputArgumentIndex | 0 |
@@ -6698,7 +8437,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:162:21:162:24 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | InputArgumentIndex | 0 |
@@ -6707,7 +8446,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | InputArgumentIndex | 0 |
@@ -6716,7 +8455,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | InputArgumentIndex | 0 |
@@ -6725,21 +8464,21 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:173:9:173:26 | '/join-regression' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:173:29:211:1 | (req, r ... OT OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | InputArgumentIndex | 0 |
@@ -6747,7 +8486,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:180:23:180:25 | '/' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | InputArgumentIndex | 0 |
@@ -6755,7 +8494,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:181:23:181:26 | '/x' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | InputArgumentIndex | 0 |
@@ -6763,7 +8502,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:182:23:182:25 | '.' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | InputArgumentIndex | 0 |
@@ -6772,7 +8511,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | InputArgumentIndex | 0 |
@@ -6781,7 +8520,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | InputArgumentIndex | 0 |
@@ -6790,7 +8529,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | CalleeFlexibleAccessPath | path.includes |
 | autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | InputArgumentIndex | 0 |
@@ -6798,7 +8537,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:191:21:191:24 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | InputArgumentIndex | 0 |
@@ -6807,7 +8546,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | InputArgumentIndex | 0 |
@@ -6816,7 +8555,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | CalleeFlexibleAccessPath | path.includes |
 | autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | InputArgumentIndex | 0 |
@@ -6824,7 +8563,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:196:22:196:25 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | InputArgumentIndex | 0 |
@@ -6833,7 +8572,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | InputArgumentIndex | 0 |
@@ -6842,7 +8581,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | InputArgumentIndex | 0 |
@@ -6851,7 +8590,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:201:45:201:48 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | CalleeFlexibleAccessPath | normalizedPath.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -6860,7 +8599,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:202:33:202:48 | '/home/user/www' | receiverName | normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | InputArgumentIndex | 0 |
@@ -6869,7 +8608,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | InputArgumentIndex | 0 |
@@ -6878,7 +8617,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | CalleeFlexibleAccessPath | normalizedPath.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | InputArgumentIndex | 0 |
@@ -6887,7 +8626,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:207:33:207:48 | '/home/user/www' | receiverName | normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | CalleeFlexibleAccessPath | normalizedPath.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | InputArgumentIndex | 0 |
@@ -6896,7 +8635,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:207:80:207:98 | '/home/user/public' | receiverName | normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | InputArgumentIndex | 0 |
@@ -6905,7 +8644,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | InputArgumentIndex | 0 |
@@ -6914,27 +8653,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:213:9:213:37 | '/decod ... zation' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:213:40:223:1 | (req, r ... lized\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | calleeImports | path |
@@ -6942,7 +8681,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:214:35:214:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | InputArgumentIndex | 0 |
@@ -6951,7 +8690,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:216:56:216:59 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | InputArgumentIndex | 0 |
@@ -6960,27 +8699,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | CalleeFlexibleAccessPath | decodeURIComponent |
 | autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:219:29:219:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | CalleeFlexibleAccessPath | path.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:221:56:221:59 | '..' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | InputArgumentIndex | 0 |
@@ -6989,27 +8728,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:225:9:225:18 | '/replace' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:225:21:233:1 | (req, r ... K\\n  }\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | calleeImports | path |
@@ -7017,7 +8756,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:226:35:226:48 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | InputArgumentIndex | 0 |
@@ -7026,7 +8765,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:226:59:226:64 | /%20/g | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | CalleeFlexibleAccessPath | pathModule.normalize().replace |
 | autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | calleeImports | path |
@@ -7034,7 +8773,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:226:67:226:69 | ' ' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | calleeImports | fs |
@@ -7042,13 +8781,13 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:230:12:230:36 | path.re ... /g, '') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | calleeImports | path |
@@ -7056,7 +8795,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:230:25:230:31 | /\\.\\./g | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | CalleeFlexibleAccessPath | path.replace |
 | autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | InputArgumentIndex | 1 |
@@ -7065,7 +8804,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:230:34:230:35 | '' | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | InputArgumentIndex | 0 |
@@ -7074,27 +8813,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:235:9:235:23 | '/resolve-path' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:235:26:251:1 | (req, r ... arity\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | calleeImports | path |
@@ -7102,7 +8841,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:236:33:236:46 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | InputArgumentIndex | 0 |
@@ -7111,7 +8850,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | CalleeFlexibleAccessPath | path.substring |
 | autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | InputArgumentIndex | 0 |
@@ -7120,7 +8859,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:242:22:242:22 | 0 | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | CalleeFlexibleAccessPath | path.substring |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | InputArgumentIndex | 1 |
@@ -7129,7 +8868,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | InputArgumentIndex | 0 |
@@ -7138,7 +8877,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | InputArgumentIndex | 0 |
@@ -7147,7 +8886,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | CalleeFlexibleAccessPath | path.slice |
 | autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | InputArgumentIndex | 0 |
@@ -7156,7 +8895,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:247:18:247:18 | 0 | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | CalleeFlexibleAccessPath | path.slice |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | InputArgumentIndex | 1 |
@@ -7165,7 +8904,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | InputArgumentIndex | 0 |
@@ -7174,7 +8913,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | InputArgumentIndex | 0 |
@@ -7183,27 +8922,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:253:9:253:30 | '/relat ... tswith' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:253:33:298:1 | (req, r ...  \\n  }\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | calleeImports | path |
@@ -7211,7 +8950,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:254:33:254:46 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | InputArgumentIndex | 0 |
@@ -7220,7 +8959,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | InputArgumentIndex | 0 |
@@ -7229,7 +8968,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:260:38:260:49 | self.webroot | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | InputArgumentIndex | 1 |
@@ -7238,7 +8977,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:260:52:260:55 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | CalleeFlexibleAccessPath | relative.startsWith |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | InputArgumentIndex | 0 |
@@ -7247,7 +8986,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | receiverName | relative |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | InputArgumentIndex | 0 |
@@ -7256,7 +8995,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | InputArgumentIndex | 0 |
@@ -7265,7 +9004,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | InputArgumentIndex | 0 |
@@ -7274,7 +9013,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:267:38:267:41 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | InputArgumentIndex | 0 |
@@ -7283,7 +9022,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:268:42:268:75 | pathMod ... aceDir) | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | InputArgumentIndex | 0 |
@@ -7292,7 +9031,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:268:63:268:74 | workspaceDir | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | InputArgumentIndex | 1 |
@@ -7301,7 +9040,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:268:78:268:84 | newpath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | CalleeFlexibleAccessPath | relativePath.indexOf |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | InputArgumentIndex | 0 |
@@ -7310,7 +9049,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | receiverName | relativePath |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | InputArgumentIndex | 0 |
@@ -7319,7 +9058,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | InputArgumentIndex | 0 |
@@ -7328,7 +9067,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | InputArgumentIndex | 0 |
@@ -7337,7 +9076,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:275:38:275:41 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | InputArgumentIndex | 0 |
@@ -7346,7 +9085,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:276:42:276:75 | pathMod ... aceDir) | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | InputArgumentIndex | 0 |
@@ -7355,7 +9094,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:276:63:276:74 | workspaceDir | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | InputArgumentIndex | 1 |
@@ -7364,7 +9103,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:276:78:276:84 | newpath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | CalleeFlexibleAccessPath | relativePath.indexOf |
 | autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | InputArgumentIndex | 0 |
@@ -7373,7 +9112,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:277:28:277:32 | '../' | receiverName | relativePath |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | InputArgumentIndex | 0 |
@@ -7382,7 +9121,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | InputArgumentIndex | 0 |
@@ -7391,7 +9130,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | InputArgumentIndex | 0 |
@@ -7400,7 +9139,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:283:38:283:41 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | InputArgumentIndex | 0 |
@@ -7409,7 +9148,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:284:42:284:75 | pathMod ... aceDir) | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | InputArgumentIndex | 0 |
@@ -7418,7 +9157,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:284:63:284:74 | workspaceDir | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | InputArgumentIndex | 1 |
@@ -7427,7 +9166,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:284:78:284:84 | newpath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | InputArgumentIndex | 0 |
@@ -7436,7 +9175,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:285:28:285:39 | relativePath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | CalleeFlexibleAccessPath | pathModule.normalize().indexOf |
 | autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | InputArgumentIndex | 0 |
@@ -7445,7 +9184,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:285:50:285:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | calleeImports | fs |
@@ -7453,7 +9192,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | InputArgumentIndex | 0 |
@@ -7462,7 +9201,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | InputArgumentIndex | 0 |
@@ -7471,7 +9210,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:291:38:291:41 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | InputArgumentIndex | 0 |
@@ -7480,7 +9219,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:292:42:292:75 | pathMod ... aceDir) | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | InputArgumentIndex | 0 |
@@ -7489,7 +9228,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:292:63:292:74 | workspaceDir | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | CalleeFlexibleAccessPath | pathModule.relative |
 | autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | InputArgumentIndex | 1 |
@@ -7498,7 +9237,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:292:78:292:84 | newpath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | CalleeFlexibleAccessPath | pathModule.normalize |
 | autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | InputArgumentIndex | 0 |
@@ -7507,7 +9246,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:293:28:293:39 | relativePath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | CalleeFlexibleAccessPath | pathModule.normalize().indexOf |
 | autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | InputArgumentIndex | 0 |
@@ -7516,7 +9255,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:293:50:293:54 | '../' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | calleeImports | fs |
@@ -7524,7 +9263,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | InputArgumentIndex | 0 |
@@ -7533,33 +9272,33 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:300:28:300:43 | "is-path-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | calleeImports |  |
 | autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:301:28:301:43 | "path-is-inside" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:302:9:302:32 | '/pseud ... ations' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:302:35:336:1 | (req, r ... \\n\\n\\t}\\n\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | InputArgumentIndex | 0 |
@@ -7568,7 +9307,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | InputArgumentIndex | 0 |
@@ -7577,7 +9316,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | InputArgumentIndex | 0 |
@@ -7586,7 +9325,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | CalleeFlexibleAccessPath | pathIsInside |
 | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | InputArgumentIndex | 0 |
@@ -7595,7 +9334,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | CalleeFlexibleAccessPath | pathIsInside |
 | autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | calleeImports | path-is-inside |
@@ -7603,7 +9342,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:312:25:312:28 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | calleeImports | fs |
@@ -7611,7 +9350,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | InputArgumentIndex | 0 |
@@ -7620,7 +9359,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | InputArgumentIndex | 0 |
@@ -7629,7 +9368,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:320:39:320:42 | SAFE | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | InputArgumentIndex | 1 |
@@ -7638,7 +9377,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:320:45:320:48 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | CalleeFlexibleAccessPath | pathIsInside |
 | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | InputArgumentIndex | 0 |
@@ -7647,7 +9386,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | CalleeFlexibleAccessPath | pathIsInside |
 | autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | calleeImports | path-is-inside |
@@ -7655,7 +9394,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:321:35:321:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | calleeImports | fs |
@@ -7663,7 +9402,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | InputArgumentIndex | 0 |
@@ -7672,7 +9411,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | CalleeFlexibleAccessPath | pathIsInside |
 | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | InputArgumentIndex | 0 |
@@ -7681,7 +9420,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | CalleeFlexibleAccessPath | pathIsInside |
 | autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | calleeImports | path-is-inside |
@@ -7689,7 +9428,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:328:35:328:38 | SAFE | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | calleeImports | fs |
@@ -7697,7 +9436,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | InputArgumentIndex | 0 |
@@ -7706,27 +9445,27 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:338:9:338:29 | '/yet-a ... prefix' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:338:32:350:1 | (req, r ... // OK\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | calleeImports | path |
@@ -7734,7 +9473,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:339:32:339:45 | req.query.path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | InputArgumentIndex | 0 |
@@ -7743,7 +9482,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | CalleeFlexibleAccessPath | pathModule.resolve |
 | autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | InputArgumentIndex | 0 |
@@ -7752,7 +9491,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:343:31:343:34 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | CalleeFlexibleAccessPath | abs.indexOf |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | InputArgumentIndex | 0 |
@@ -7761,7 +9500,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | receiverName | abs |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | InputArgumentIndex | 0 |
@@ -7770,7 +9509,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | InputArgumentIndex | 0 |
@@ -7779,21 +9518,21 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:353:9:353:30 | '/yet-a ... refix2' | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | calleeImports | express |
 | autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:353:33:373:1 | (req, r ... ;\\n  }\\n} | receiverName | app |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | InputArgumentIndex | 0 |
@@ -7802,7 +9541,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | InputArgumentIndex | 0 |
@@ -7811,7 +9550,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:358:37:358:44 | rootPath | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | CalleeFlexibleAccessPath | pathModule.join |
 | autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | InputArgumentIndex | 1 |
@@ -7820,7 +9559,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:358:47:358:50 | path | receiverName | pathModule |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | CalleeFlexibleAccessPath | allowPath |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | InputArgumentIndex | 0 |
@@ -7828,14 +9567,14 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | CalleeFlexibleAccessPath | allowPath |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | calleeImports | fs |
@@ -7843,7 +9582,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | InputArgumentIndex | 0 |
@@ -7852,7 +9591,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | InputArgumentIndex | 0 |
@@ -7861,7 +9600,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | CalleeFlexibleAccessPath | requestPath.indexOf |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | InputArgumentIndex | 0 |
@@ -7869,50 +9608,217 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | contextSurroundingFunctionParameters | (requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | receiverName | requestPath |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | calleeImports | express |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:376:9:376:22 | '/slash-stuff' | receiverName | app |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | calleeImports | express |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:376:25:382:1 | (req, r ... OT OK\\n} | receiverName | app |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync slash path |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync slash path |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | CalleeFlexibleAccessPath | slash |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | calleeImports | slash |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync slash path |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | calleeImports | express |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:384:9:384:24 | '/dotdot-regexp' | receiverName | app |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | calleeImports | express |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:384:27:404:1 | (req, r ... K\\n  }\\n} | receiverName | app |
+| autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | CalleeFlexibleAccessPath | pathModule.normalize |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:385:35:385:45 | req.query.x | receiverName | pathModule |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:1:20:1:25 | "http" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:2:17:2:21 | "url" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:3:16:3:19 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:4:24:4:36 | "graceful-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:5:21:5:30 | "fs-extra" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:6:24:6:36 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | calleeImports | http |
 | autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:8:32:25:1 | functio ... OT OK\\n} | receiverName | http |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | InputArgumentIndex | 0 |
@@ -7921,7 +9827,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:24:9:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | InputArgumentIndex | 1 |
@@ -7930,7 +9836,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:9:33:9:36 | true | receiverName | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | InputArgumentIndex | 0 |
@@ -7939,7 +9845,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | CalleeFlexibleAccessPath | gracefulFs.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | InputArgumentIndex | 0 |
@@ -7948,7 +9854,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | receiverName | gracefulFs |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | CalleeFlexibleAccessPath | fsExtra.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | InputArgumentIndex | 0 |
@@ -7957,7 +9863,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | receiverName | fsExtra |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | CalleeFlexibleAccessPath | originalFs.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | InputArgumentIndex | 0 |
@@ -7966,7 +9872,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | receiverName | originalFs |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | InputArgumentIndex | 0 |
@@ -7974,14 +9880,14 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | calleeImports |  |
@@ -7989,7 +9895,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:19:11:19:26 | "./my-fs-module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | CalleeFlexibleAccessPath | import("p").require().readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | calleeImports | ./my-fs-module |
@@ -7997,7 +9903,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | calleeImports |  |
@@ -8005,7 +9911,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | CalleeFlexibleAccessPath | flexibleModuleName.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | calleeImports |  |
@@ -8013,7 +9919,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | receiverName | flexibleModuleName |
 | autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | InputArgumentIndex | 0 |
@@ -8022,7 +9928,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | contextSurroundingFunctionParameters | (special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | enclosingFunctionBody | special special require fs require original-fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | enclosingFunctionName | getFsModule |
-| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:29:20:29:23 | "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | calleeImports |  |
@@ -8030,19 +9936,19 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | contextSurroundingFunctionParameters | (special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | enclosingFunctionBody | special special require fs require original-fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | enclosingFunctionName | getFsModule |
-| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:31:20:31:32 | "original-fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:35:20:35:25 | "util" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | calleeImports | http |
 | autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:37:19:43:1 | functio ... OT OK\\n} | receiverName | http |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | InputArgumentIndex | 0 |
@@ -8051,7 +9957,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:24:38:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | InputArgumentIndex | 1 |
@@ -8060,7 +9966,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:38:33:38:36 | true | receiverName | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | CalleeFlexibleAccessPath | util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | InputArgumentIndex | 0 |
@@ -8069,7 +9975,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:18:40:32 | fs.readFileSync | receiverName | util |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | CalleeFlexibleAccessPath | util.promisify() |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | InputArgumentIndex | 0 |
@@ -8078,7 +9984,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | calleeImports |  |
@@ -8086,7 +9992,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:41:11:41:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | CalleeFlexibleAccessPath | import(!).promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | calleeImports | bluebird |
@@ -8094,7 +10000,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:41:33:41:47 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | CalleeFlexibleAccessPath | import(!).promisify() |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | calleeImports | bluebird |
@@ -8102,7 +10008,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | calleeImports |  |
@@ -8110,7 +10016,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:42:11:42:20 | "bluebird" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | CalleeFlexibleAccessPath | import(!).promisifyAll |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | calleeImports | bluebird |
@@ -8118,7 +10024,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:42:36:42:37 | fs | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | CalleeFlexibleAccessPath | import(!).promisifyAll().readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | calleeImports | bluebird |
@@ -8126,56 +10032,370 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | calleeImports |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | calleeImports | http |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:19:53:1 | functio ... OT OK\\n} | receiverName | http |
+| autogenerated/TaintedPath/other-fs-libraries.js:46:25:46:46 | "./my-a ... module" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | calleeImports | http |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:19:64:1 | functio ... OT OK\\n} | receiverName | http |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | calleeImports | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:24:49:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | calleeImports | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:33:49:36 | true | receiverName | url |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | calleeImports | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | CalleeFlexibleAccessPath | asyncFS.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | calleeImports | ./my-async-fs-module |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | receiverName | asyncFS |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | calleeImports |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:11:54:16 | "pify" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | CalleeFlexibleAccessPath | import(!) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | calleeImports | pify |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:19:54:33 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | CalleeFlexibleAccessPath | import(!)() |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | calleeImports | pify |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | calleeImports |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:11:55:16 | "pify" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | CalleeFlexibleAccessPath | import(!) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | calleeImports | pify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:19:55:20 | fs | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | CalleeFlexibleAccessPath | import(!)().readFileSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | calleeImports | pify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | calleeImports |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:11:57:26 | 'util.promisify' | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | CalleeFlexibleAccessPath | import(!) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | calleeImports | util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:29:57:43 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | CalleeFlexibleAccessPath | import(!)() |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | calleeImports | util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | calleeImports |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:11:59:19 | "thenify" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | CalleeFlexibleAccessPath | import(!) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | calleeImports | thenify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:22:59:36 | fs.readFileSync | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | CalleeFlexibleAccessPath | import(!)() |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | calleeImports | thenify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | calleeImports |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:27:61:36 | 'read-pkg' | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | CalleeFlexibleAccessPath | readPkg.readPackageSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | calleeImports | read-pkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} | receiverName | readPkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | CalleeFlexibleAccessPath | readPkg.readPackageSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | InputAccessPathFromCallee | 0.cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | calleeImports | read-pkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | CalleeFlexibleAccessPath | readPkg.readPackageAsync |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | calleeImports | read-pkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} | receiverName | readPkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | CalleeFlexibleAccessPath | readPkg.readPackageAsync |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | InputAccessPathFromCallee | 0.cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | calleeImports | read-pkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:24:66:31 | "mkdirp" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:24:66:31 | "mkdirp" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:24:66:31 | "mkdirp" | calleeImports |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:24:66:31 | "mkdirp" | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:24:66:31 | "mkdirp" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:24:66:31 | "mkdirp" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | calleeImports | http |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:19:73:1 | functio ... OT OK\\n} | receiverName | http |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | calleeImports | url |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:24:68:30 | req.url | receiverName | url |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | calleeImports | url |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:33:68:36 | true | receiverName | url |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | calleeImports | fs |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | receiverName | fs |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | CalleeFlexibleAccessPath | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | calleeImports | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | CalleeFlexibleAccessPath | mkdirp.sync |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | calleeImports | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | receiverName | mkdirp |
+| autogenerated/TaintedPath/prettier.js:1:25:1:33 | 'express' | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/prettier.js:1:25:1:33 | 'express' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:1:25:1:33 | 'express' | calleeImports |  |
+| autogenerated/TaintedPath/prettier.js:1:25:1:33 | 'express' | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:1:25:1:33 | 'express' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/prettier.js:1:25:1:33 | 'express' | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:2:26:2:35 | "prettier" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/prettier.js:2:26:2:35 | "prettier" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:2:26:2:35 | "prettier" | calleeImports |  |
+| autogenerated/TaintedPath/prettier.js:2:26:2:35 | "prettier" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:2:26:2:35 | "prettier" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/prettier.js:2:26:2:35 | "prettier" | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | calleeImports | express |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:5:9:5:20 | '/some/path' | receiverName | app |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | calleeImports | express |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:5:23:14:1 | functio ...   });\\n} | receiverName | app |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | CalleeFlexibleAccessPath | prettier.resolveConfig |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | CalleeFlexibleAccessPath | prettier.resolveConfig().then |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(options) |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:7:36:9:5 | (option ... ;\\n    } | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | contextSurroundingFunctionParameters | (req, res)\n(options) |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:8:43:8:47 | "foo" | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | contextSurroundingFunctionParameters | (req, res)\n(options) |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:8:50:8:56 | options | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | CalleeFlexibleAccessPath | prettier.resolveConfig |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:11:28:11:32 | "foo" | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | CalleeFlexibleAccessPath | prettier.resolveConfig |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:11:35:11:45 | {config: p} | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | CalleeFlexibleAccessPath | prettier.resolveConfig |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | InputAccessPathFromCallee | 1.config |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | assignedToPropName | config |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | CalleeFlexibleAccessPath | prettier.resolveConfig().then |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | contextSurroundingFunctionParameters | (req, res)\n(options) |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:11:53:13:5 | (option ... ;\\n    } | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | contextSurroundingFunctionParameters | (req, res)\n(options) |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:12:43:12:47 | "bar" | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | contextSurroundingFunctionParameters | (req, res)\n(options) |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:12:50:12:56 | options | receiverName | prettier |
 | autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/pupeteer.js:1:27:1:37 | 'puppeteer' | calleeImports |  |
@@ -8248,25 +10468,25 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | calleeImports |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:1:18:1:21 | 'fs' | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | calleeImports |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:2:20:2:25 | 'http' | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | calleeImports |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:3:19:3:23 | 'url' | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
 | autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | calleeImports | http |
 | autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:5:32:32:1 | functio ... OT OK\\n} | receiverName | http |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | InputArgumentIndex | 0 |
@@ -8275,7 +10495,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:24:6:30 | req.url | receiverName | url |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | CalleeFlexibleAccessPath | url.parse |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | InputArgumentIndex | 1 |
@@ -8284,7 +10504,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:6:33:6:36 | true | receiverName | url |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | InputArgumentIndex | 0 |
@@ -8293,7 +10513,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | InputArgumentIndex | 0 |
@@ -8302,7 +10522,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | InputArgumentIndex | 0 |
@@ -8311,7 +10531,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | InputArgumentIndex | 0 |
@@ -8320,7 +10540,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | InputArgumentIndex | 0 |
@@ -8329,7 +10549,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | InputArgumentIndex | 0 |
@@ -8338,7 +10558,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | InputArgumentIndex | 0 |
@@ -8347,7 +10567,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | InputArgumentIndex | 0 |
@@ -8356,8 +10576,111 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | receiverName | fs |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:22:36:30 | 'node:fs' | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:22:36:30 | 'node:fs' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:22:36:30 | 'node:fs' | calleeImports |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:22:36:30 | 'node:fs' | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:22:36:30 | 'node:fs' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:22:36:30 | 'node:fs' | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | calleeImports | http |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:33:41:1 | functio ... OT OK\\n} | receiverName | http |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | calleeImports | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path nodefs readFileSync path |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:24:39:30 | req.url | receiverName | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | calleeImports | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | enclosingFunctionBody | req res path url parse req url true query path nodefs readFileSync path |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:33:39:36 | true | receiverName | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | CalleeFlexibleAccessPath | nodefs.readFileSync |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | calleeImports | node:fs |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | enclosingFunctionBody | req res path url parse req url true query path nodefs readFileSync path |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | receiverName | nodefs |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:24:45:31 | "chownr" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:24:45:31 | "chownr" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:24:45:31 | "chownr" | calleeImports |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:24:45:31 | "chownr" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:24:45:31 | "chownr" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:24:45:31 | "chownr" | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | http.createServer |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | calleeImports | http |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:33:50:1 | functio ... OT OK\\n} | receiverName | http |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | calleeImports | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:24:48:30 | req.url | receiverName | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | CalleeFlexibleAccessPath | url.parse |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | calleeImports | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:33:48:36 | true | receiverName | url |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | CalleeFlexibleAccessPath | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | calleeImports | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | CalleeFlexibleAccessPath | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | calleeImports | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:16:49:24 | "someuid" | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | CalleeFlexibleAccessPath | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | InputArgumentIndex | 2 |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | calleeImports | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:27:49:35 | "somegid" | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | CalleeFlexibleAccessPath | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | InputArgumentIndex | 3 |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | calleeImports | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | contextSurroundingFunctionParameters | (req, res)\n(err) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-array-steps.js:1:18:1:21 | 'fs' | calleeImports |  |
@@ -8475,20 +10798,20 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | calleeImports |  |
 | autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | fileImports | express |
+| autogenerated/TaintedPath/tainted-require.js:1:23:1:31 | 'express' | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | calleeImports | express |
 | autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | contextSurroundingFunctionParameters |  |
-| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | fileImports | express |
+| autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-require.js:5:9:5:20 | '/some/path' | receiverName | app |
 | autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | InputArgumentIndex | 1 |
 | autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | calleeImports | express |
 | autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | fileImports | express |
+| autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-require.js:5:23:8:1 | functio ... e"));\\n} | receiverName | app |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | InputArgumentIndex | 0 |
@@ -8497,15 +10820,94 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionBody | req res m require req param module |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | fileImports | express |
+| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | CalleeFlexibleAccessPath | req.param |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | contextFunctionInterfaces |  |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | enclosingFunctionBody | req res m require req param module |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | fileImports | express |
+| autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-require.js:7:29:7:36 | "module" | receiverName | req |
+| autogenerated/TaintedPath/tainted-require.js:10:25:10:33 | "resolve" | CalleeFlexibleAccessPath | require |
+| autogenerated/TaintedPath/tainted-require.js:10:25:10:33 | "resolve" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:10:25:10:33 | "resolve" | calleeImports |  |
+| autogenerated/TaintedPath/tainted-require.js:10:25:10:33 | "resolve" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:10:25:10:33 | "resolve" | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/tainted-require.js:10:25:10:33 | "resolve" | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | calleeImports | express |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | contextSurroundingFunctionParameters |  |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:11:9:11:20 | '/some/path' | receiverName | app |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | calleeImports | express |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:11:23:17:1 | functio ...   });\\n} | receiverName | app |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | CalleeFlexibleAccessPath | resolve.sync |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | receiverName | resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | CalleeFlexibleAccessPath | req.param |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:39:12:46 | "module" | receiverName | req |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | CalleeFlexibleAccessPath | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | CalleeFlexibleAccessPath | req.param |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:21:14:28 | "module" | receiverName | req |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | CalleeFlexibleAccessPath | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:14:32:14:53 | { based ... rname } | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | CalleeFlexibleAccessPath | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | InputAccessPathFromCallee | 1.basedir |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | assignedToPropName | basedir |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:14:43:14:51 | __dirname | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | CalleeFlexibleAccessPath | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | InputArgumentIndex | 2 |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | contextSurroundingFunctionParameters | (req, res)\n(err, res) |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:14:56:16:3 | functio ... es;\\n  } | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
 | autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
 | autogenerated/TaintedPath/tainted-sendFile.js:1:23:1:31 | 'express' | calleeImports |  |
@@ -9390,17 +11792,17 @@ tokenFeatures
 | autogenerated/TaintedPath/views.js:1:43:1:55 | req.params[0] | receiverName | res |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | CalleeFlexibleAccessPath | this.addEventListener |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:23:1:31 | 'message' | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | this.addEventListener |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (event) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:1:34:3:1 | functio ... OT OK\\n} | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextSurroundingFunctionParameters | (event) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionBody | event document write event data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionName | addEventListener#functionalargument |
@@ -9408,17 +11810,17 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | CalleeFlexibleAccessPath | this.addEventListener |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:23:5:31 | 'message' | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | this.addEventListener |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (?) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:5:34:7:1 | functio ... OT OK\\n} | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextSurroundingFunctionParameters | (?) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionBody | data document write data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionName | addEventListener#functionalargument |
@@ -9426,57 +11828,57 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | CalleeFlexibleAccessPath | window.addEventListener |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:29:16:37 | "message" | receiverName | window |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | CalleeFlexibleAccessPath | window.addEventListener |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) | receiverName | window |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | CalleeFlexibleAccessPath | foo.bind |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:49:16:52 | null | receiverName | foo |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | CalleeFlexibleAccessPath | foo.bind |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:55:16:69 | {data: 'items'} | receiverName | foo |
@@ -9484,11 +11886,35 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | InputAccessPathFromCallee | 1.data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | assignedToPropName | data |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:62:16:68 | 'items' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | CalleeFlexibleAccessPath | document.write |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | receiverName | document |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | CalleeFlexibleAccessPath | mySet.includes |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | receiverName | mySet |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | CalleeFlexibleAccessPath | document.write |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | CalleeFlexibleAccessPath | Component |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | InputAccessPathFromCallee | 0.selector |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:7:13:7:22 | 'app-root' | InputArgumentIndex | 0 |
@@ -9660,18 +12086,18 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:32:7:44 | <span class=" | stringConcatenatedWith |  -endpoint- classNames() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9680,30 +12106,30 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:58:7:68 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:71:7:83 | ">Hello<span> | stringConcatenatedWith | '<span class="' + classNames() -endpoint-  |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:32:8:44 | <span class=" | stringConcatenatedWith |  -endpoint- classNamesD() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9712,30 +12138,30 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | calleeImports | classnames/dedupe |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:59:8:69 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:72:8:84 | ">Hello<span> | stringConcatenatedWith | '<span class="' + classNamesD() -endpoint-  |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:32:9:44 | <span class=" | stringConcatenatedWith |  -endpoint- classNamesB() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9744,12 +12170,12 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | calleeImports | classnames/bind |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:59:9:69 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:72:9:84 | ">Hello<span> | stringConcatenatedWith | '<span class="' + classNamesB() -endpoint-  |
@@ -9758,7 +12184,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:39:10:56 | {foo: window.name} | receiverName | classNames |
@@ -9769,24 +12195,24 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:32:11:44 | <span class=" | stringConcatenatedWith |  -endpoint- unsafeStyle() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9795,12 +12221,12 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:59:11:63 | 'foo' | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:66:11:78 | ">Hello<span> | stringConcatenatedWith | '<span class="' + unsafeStyle() -endpoint-  |
@@ -9809,25 +12235,25 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:12:37:12:38 | {} | receiverName | classNames |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:32:13:44 | <span class=" | stringConcatenatedWith |  -endpoint- safeStyle() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9836,30 +12262,30 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:57:13:67 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:70:13:82 | ">Hello<span> | stringConcatenatedWith | '<span class="' + safeStyle() -endpoint-  |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:32:14:44 | <span class=" | stringConcatenatedWith |  -endpoint- safeStyle() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9868,30 +12294,30 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | calleeImports | classnames |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:57:14:61 | 'foo' | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:64:14:76 | ">Hello<span> | stringConcatenatedWith | '<span class="' + safeStyle() -endpoint-  |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:32:15:44 | <span class=" | stringConcatenatedWith |  -endpoint- clsx() + '">Hello<span>' |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) | stringConcatenatedWith | '<span class="' -endpoint- '">Hello<span>' |
@@ -9900,15 +12326,408 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | calleeImports | clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:52:15:62 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:65:15:77 | ">Hello<span> | stringConcatenatedWith | '<span class="' + clsx() -endpoint-  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:27 | documen ... nerHTML | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:27 | documen ... nerHTML | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:27 | documen ... nerHTML | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:27 | documen ... nerHTML | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:27 | documen ... nerHTML | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:27 | documen ... nerHTML | stringConcatenatedWith |  -endpoint- '<span class="' + clsx() + '">Hello<span>' |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:79 | documen ... <span>` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:79 | documen ... <span>` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:79 | documen ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:79 | documen ... <span>` | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:79 | documen ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:33:17:45 | <span class=" | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:33:17:45 | <span class=" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:33:17:45 | <span class=" | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:33:17:45 | <span class=" | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:33:17:45 | <span class=" | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:33:17:45 | <span class=" | stringConcatenatedWith | document.body.innerHTML -endpoint- clsx() + '">Hello<span>' |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) | stringConcatenatedWith | document.body.innerHTML + '<span class="' -endpoint- '">Hello<span>' |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | CalleeFlexibleAccessPath | clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | calleeImports | clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:53:17:63 | window.name | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:66:17:78 | ">Hello<span> | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:66:17:78 | ">Hello<span> | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:66:17:78 | ">Hello<span> | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:66:17:78 | ">Hello<span> | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:66:17:78 | ">Hello<span> | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:66:17:78 | ">Hello<span> | stringConcatenatedWith | document.body.innerHTML + '<span class="' + clsx() -endpoint-  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:3:1:8 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:3:1:8 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:3:1:8 | "#foo" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:3:1:8 | "#foo" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:3:1:8 | "#foo" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:14:1:20 | "paste" | CalleeFlexibleAccessPath | $().on |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:14:1:20 | "paste" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:14:1:20 | "paste" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:14:1:20 | "paste" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:14:1:20 | "paste" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | CalleeFlexibleAccessPath | $().on |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | CalleeFlexibleAccessPath | clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:40:7:51 | 'text/plain' | receiverName | clipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | CalleeFlexibleAccessPath | clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:40:8:50 | 'text/html' | receiverName | clipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:40:13:44 | 'div' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | CalleeFlexibleAccessPath | document.body.append |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | CalleeFlexibleAccessPath | el.addEventListener |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | contextSurroundingFunctionParameters | (el) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | enclosingFunctionBody | el HTMLElement el addEventListener paste e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:25:23:31 | 'paste' | receiverName | el |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | CalleeFlexibleAccessPath | el.addEventListener |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | enclosingFunctionBody | el HTMLElement el addEventListener paste e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:34:25:5 | (e) =>  ...  \\n    } | receiverName | el |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | enclosingFunctionBody | el HTMLElement el addEventListener paste e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:11:24:15 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | enclosingFunctionBody | el HTMLElement el addEventListener paste e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | CalleeFlexibleAccessPath | e.clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | enclosingFunctionBody | el HTMLElement el addEventListener paste e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:47:24:57 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:27:28:33 | 'paste' | CalleeFlexibleAccessPath | document.addEventListener |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:27:28:33 | 'paste' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:27:28:33 | 'paste' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:27:28:33 | 'paste' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:27:28:33 | 'paste' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:27:28:33 | 'paste' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:36:30:1 | (e) =>  ... OT OK\\n} | CalleeFlexibleAccessPath | document.addEventListener |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:36:30:1 | (e) =>  ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:36:30:1 | (e) =>  ... OT OK\\n} | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:36:30:1 | (e) =>  ... OT OK\\n} | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:36:30:1 | (e) =>  ... OT OK\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:36:30:1 | (e) =>  ... OT OK\\n} | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | enclosingFunctionBody | e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:7:29:11 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | enclosingFunctionBody | e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | CalleeFlexibleAccessPath | e.clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | enclosingFunctionBody | e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:43:29:53 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:3:32:8 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:3:32:8 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:3:32:8 | "#foo" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:3:32:8 | "#foo" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:3:32:8 | "#foo" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:16:32:22 | 'paste' | CalleeFlexibleAccessPath | $().bind |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:16:32:22 | 'paste' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:16:32:22 | 'paste' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:16:32:22 | 'paste' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:16:32:22 | 'paste' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | CalleeFlexibleAccessPath | $().bind |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | enclosingFunctionBody | e $ #id html e originalEvent clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:7:33:11 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | enclosingFunctionBody | e $ #id html e originalEvent clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | CalleeFlexibleAccessPath | e.originalEvent.clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | enclosingFunctionBody | e $ #id html e originalEvent clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:57:33:67 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:38:37:42 | "div" | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | CalleeFlexibleAccessPath | clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:44:42:55 | 'text/plain' | receiverName | clipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | CalleeFlexibleAccessPath | clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:44:43:54 | 'text/html' | receiverName | clipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:44:48:48 | 'div' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | CalleeFlexibleAccessPath | document.body.append |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:66:22:66:45 | e.clipb ... iles[i] | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:66:22:66:45 | e.clipb ... iles[i] | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:66:22:66:45 | e.clipb ... iles[i] | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:66:22:66:45 | e.clipb ... iles[i] | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:66:22:66:45 | e.clipb ... iles[i] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | CalleeFlexibleAccessPath | e.clipboardData.types.includes |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:40:70:50 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | CalleeFlexibleAccessPath | e.clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:51:71:61 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:48:72:53 | 'html' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | CalleeFlexibleAccessPath | container.getElementsByTagName |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:51:74:55 | 'img' | receiverName | container |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | CalleeFlexibleAccessPath | dropItems.add |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:23:77:25 | src | receiverName | dropItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | CalleeFlexibleAccessPath | e.clipboardData.types.includes |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:47:79:58 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | CalleeFlexibleAccessPath | e.clipboardData.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:49:80:60 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | CalleeFlexibleAccessPath | ?.test |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | CalleeFlexibleAccessPath | dropItems.add |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:23:83:31 | plainText | receiverName | dropItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | CalleeFlexibleAccessPath | Array.from |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:35:87:43 | dropItems | receiverName | Array |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:38:93:42 | "div" | receiverName | document |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | CalleeFlexibleAccessPath | div.addEventListener |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:26:94:38 | "beforeinput" | receiverName | div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | div.addEventListener |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:41:100:5 | functio ... K\\n    } | receiverName | div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | CalleeFlexibleAccessPath | dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:43:98:53 | 'text/html' | receiverName | dataTransfer |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:11:99:15 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | contextFunctionInterfaces | constructor(args)\ntest() |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | enclosingFunctionBody | innerHTML window name |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | fileImports | dummy |
 | autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/d3.js:1:20:1:23 | 'd3' | calleeImports |  |
@@ -10013,194 +12832,834 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/d3.js:21:15:21:24 | getTaint() | fileImports | d3 |
 | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | CalleeFlexibleAccessPath | decodeURIComponent |
 | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:9:36:9:68 | window. ... ring(1) | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | CalleeFlexibleAccessPath | window.location.hash.substring |
 | autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:9:67:9:67 | 1 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | CalleeFlexibleAccessPath | dateFns.format |
 | autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | calleeImports | date-fns |
-| autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:11:57:11:60 | time | receiverName | dateFns |
 | autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | CalleeFlexibleAccessPath | dateFns.format |
 | autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | calleeImports | date-fns |
-| autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:11:63:11:67 | taint | receiverName | dateFns |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | CalleeFlexibleAccessPath | dateFnsEsm.format |
 | autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | calleeImports | date-fns/esm |
-| autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:12:60:12:63 | time | receiverName | dateFnsEsm |
 | autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | CalleeFlexibleAccessPath | dateFnsEsm.format |
 | autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | calleeImports | date-fns/esm |
-| autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:12:66:12:70 | taint | receiverName | dateFnsEsm |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | CalleeFlexibleAccessPath | dateFnsFp.format |
 | autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | calleeImports | date-fns/fp |
-| autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:13:59:13:63 | taint | receiverName | dateFnsFp |
 | autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | CalleeFlexibleAccessPath | dateFnsFp.format() |
 | autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | calleeImports | date-fns/fp |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:13:66:13:69 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | CalleeFlexibleAccessPath | dateFns.format |
 | autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | calleeImports | date-fns |
-| autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:14:57:14:61 | taint | receiverName | dateFns |
 | autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | CalleeFlexibleAccessPath | dateFns.format |
 | autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | calleeImports | date-fns |
-| autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:14:64:14:67 | time | receiverName | dateFns |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | CalleeFlexibleAccessPath | dateFnsFp.format |
 | autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | calleeImports | date-fns/fp |
-| autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:15:59:15:62 | time | receiverName | dateFnsFp |
 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | CalleeFlexibleAccessPath | dateFnsFp.format() |
 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | calleeImports | date-fns/fp |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | CalleeFlexibleAccessPath | moment |
 | autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | calleeImports | moment |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:16:49:16:52 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | CalleeFlexibleAccessPath | moment().format |
 | autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | calleeImports | moment |
-| autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:16:62:16:66 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | CalleeFlexibleAccessPath | moment |
 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | calleeImports | moment |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | CalleeFlexibleAccessPath | dateformat |
 | autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | calleeImports | dateformat |
-| autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:18:53:18:56 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | CalleeFlexibleAccessPath | dateformat |
 | autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | calleeImports | dateformat |
-| autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:18:59:18:63 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | CalleeFlexibleAccessPath | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | calleeImports | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/dates.js:21:48:21:51 | time | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | CalleeFlexibleAccessPath | dayjs().format |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | calleeImports | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/dates.js:21:61:21:65 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | CalleeFlexibleAccessPath | decodeURIComponent |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | CalleeFlexibleAccessPath | window.location.hash.substring |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:30:67:30:67 | 1 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | CalleeFlexibleAccessPath | dateFns.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | calleeImports | @date-io/date-fns |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:37:65:37:74 | new Date() | receiverName | dateFns |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | CalleeFlexibleAccessPath | dateFns.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | calleeImports | @date-io/date-fns |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:37:77:37:81 | taint | receiverName | dateFns |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | CalleeFlexibleAccessPath | luxon.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | calleeImports | @date-io/luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() | receiverName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | CalleeFlexibleAccessPath | luxon.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | calleeImports | @date-io/luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:38:77:38:81 | taint | receiverName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | CalleeFlexibleAccessPath | moment.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | calleeImports | @date-io/moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() | receiverName | moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | CalleeFlexibleAccessPath | moment.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | calleeImports | @date-io/moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:79:39:83 | taint | receiverName | moment |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | CalleeFlexibleAccessPath | dayjs.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | calleeImports | @date-io/dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() | receiverName | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | CalleeFlexibleAccessPath | dayjs.formatByString |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | calleeImports | @date-io/dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:40:77:40:81 | taint | receiverName | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | CalleeFlexibleAccessPath | decodeURIComponent |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | CalleeFlexibleAccessPath | window.location.hash.substring |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:46:67:46:67 | 1 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | CalleeFlexibleAccessPath | DateTime.now().plus |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:62:48:71 | {years: 1} | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | CalleeFlexibleAccessPath | DateTime.now().plus |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | InputAccessPathFromCallee | 0.years |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | assignedToPropName | years |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:70:48:70 | 1 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | CalleeFlexibleAccessPath | DateTime.now().plus().toFormat |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:83:48:87 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | CalleeFlexibleAccessPath | DateTime().setLocale |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:49:67:49:70 | 'fr' | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | CalleeFlexibleAccessPath | DateTime().setLocale().toFormat |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:49:82:49:86 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | CalleeFlexibleAccessPath | DateTime.fromISO |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:50:59:50:70 | "2020-01-01" | receiverName | DateTime |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | CalleeFlexibleAccessPath | DateTime.fromISO().startOf |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:81:50:85 | 'day' | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | CalleeFlexibleAccessPath | DateTime.fromISO().startOf().toFormat |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | calleeImports | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:97:50:101 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | CalleeFlexibleAccessPath | decodeURIComponent |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | CalleeFlexibleAccessPath | window.location.hash.substring |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:54:67:54:67 | 1 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | CalleeFlexibleAccessPath | moment.addDays |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | calleeImports | @date-io/moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") | receiverName | moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | CalleeFlexibleAccessPath | moment.date |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | calleeImports | @date-io/moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:69:57:80 | "2020-06-21" | receiverName | moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | CalleeFlexibleAccessPath | moment.addDays |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | calleeImports | @date-io/moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:84:57:84 | 1 | receiverName | moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | CalleeFlexibleAccessPath | moment.addDays().format |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | calleeImports | @date-io/moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:94:57:98 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | CalleeFlexibleAccessPath | luxon.endOfDay |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | calleeImports | @date-io/luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() | receiverName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | CalleeFlexibleAccessPath | luxon.endOfDay().toFormat |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | calleeImports | @date-io/luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:59:80:59:84 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | CalleeFlexibleAccessPath | dayjs.setHours |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | calleeImports | @date-io/dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() | receiverName | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | CalleeFlexibleAccessPath | dayjs.setHours |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | calleeImports | @date-io/dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:61:71:61:71 | 4 | receiverName | dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | CalleeFlexibleAccessPath | dayjs.setHours().format |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | calleeImports | @date-io/dayjs |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:81:61:85 | taint | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:3:1:8 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:3:1:8 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:3:1:8 | "#foo" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:3:1:8 | "#foo" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:3:1:8 | "#foo" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:14:1:19 | "drop" | CalleeFlexibleAccessPath | $().on |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:14:1:19 | "drop" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:14:1:19 | "drop" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:14:1:19 | "drop" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:14:1:19 | "drop" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | CalleeFlexibleAccessPath | $().on |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | CalleeFlexibleAccessPath | dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:39:7:50 | 'text/plain' | receiverName | dataTransfer |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | CalleeFlexibleAccessPath | dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:39:8:49 | 'text/html' | receiverName | dataTransfer |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:40:13:44 | 'div' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | CalleeFlexibleAccessPath | document.body.append |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | CalleeFlexibleAccessPath | el.addEventListener |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | contextSurroundingFunctionParameters | (el) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | enclosingFunctionBody | el HTMLElement el addEventListener drop e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:25:23:30 | 'drop' | receiverName | el |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | CalleeFlexibleAccessPath | el.addEventListener |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | enclosingFunctionBody | el HTMLElement el addEventListener drop e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:33:25:5 | (e) =>  ...  \\n    } | receiverName | el |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | enclosingFunctionBody | el HTMLElement el addEventListener drop e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:11:24:15 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | enclosingFunctionBody | el HTMLElement el addEventListener drop e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | CalleeFlexibleAccessPath | e.dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | enclosingFunctionBody | el HTMLElement el addEventListener drop e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:46:24:56 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:27:28:32 | 'drop' | CalleeFlexibleAccessPath | document.addEventListener |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:27:28:32 | 'drop' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:27:28:32 | 'drop' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:27:28:32 | 'drop' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:27:28:32 | 'drop' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:27:28:32 | 'drop' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:35:30:1 | (e) =>  ... OT OK\\n} | CalleeFlexibleAccessPath | document.addEventListener |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:35:30:1 | (e) =>  ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:35:30:1 | (e) =>  ... OT OK\\n} | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:35:30:1 | (e) =>  ... OT OK\\n} | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:35:30:1 | (e) =>  ... OT OK\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:35:30:1 | (e) =>  ... OT OK\\n} | receiverName | document |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | enclosingFunctionBody | e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:7:29:11 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | enclosingFunctionBody | e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | CalleeFlexibleAccessPath | e.dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | enclosingFunctionBody | e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:42:29:52 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:3:32:8 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:3:32:8 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:3:32:8 | "#foo" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:3:32:8 | "#foo" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:3:32:8 | "#foo" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:16:32:21 | 'drop' | CalleeFlexibleAccessPath | $().bind |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:16:32:21 | 'drop' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:16:32:21 | 'drop' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:16:32:21 | 'drop' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:16:32:21 | 'drop' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | CalleeFlexibleAccessPath | $().bind |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | enclosingFunctionBody | e $ #id html e originalEvent dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:7:33:11 | "#id" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | enclosingFunctionBody | e $ #id html e originalEvent dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | CalleeFlexibleAccessPath | e.originalEvent.dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | enclosingFunctionBody | e $ #id html e originalEvent dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:56:33:66 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:38:37:42 | "div" | receiverName | document |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | CalleeFlexibleAccessPath | dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:43:42:54 | 'text/plain' | receiverName | dataTransfer |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | CalleeFlexibleAccessPath | dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:43:43:53 | 'text/html' | receiverName | dataTransfer |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:44:48:48 | 'div' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | CalleeFlexibleAccessPath | document.body.append |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:66:22:66:44 | e.dataT ... iles[i] | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:66:22:66:44 | e.dataT ... iles[i] | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:66:22:66:44 | e.dataT ... iles[i] | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:66:22:66:44 | e.dataT ... iles[i] | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:66:22:66:44 | e.dataT ... iles[i] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | CalleeFlexibleAccessPath | e.dataTransfer.types.includes |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:39:70:49 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | CalleeFlexibleAccessPath | e.dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:50:71:60 | 'text/html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:48:72:53 | 'html' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | CalleeFlexibleAccessPath | container.getElementsByTagName |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:51:74:55 | 'img' | receiverName | container |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | CalleeFlexibleAccessPath | dropItems.add |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:23:77:25 | src | receiverName | dropItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | CalleeFlexibleAccessPath | e.dataTransfer.types.includes |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:46:79:57 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | CalleeFlexibleAccessPath | e.dataTransfer.getData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:48:80:59 | 'text/plain' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | CalleeFlexibleAccessPath | ?.test |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | CalleeFlexibleAccessPath | dropItems.add |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:23:83:31 | plainText | receiverName | dropItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | CalleeFlexibleAccessPath | Array.from |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:35:87:43 | dropItems | receiverName | Array |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:15 | '<a href="' | enclosingFunctionBody | loc window location href $ <a href=" encodeURIComponent loc ">click</a> |
@@ -10319,33 +13778,33 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:5:5:10 | "body" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:16 | "<div id=\\"" | stringConcatenatedWith |  -endpoint- tainted + '">' |
@@ -10353,18 +13812,18 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted | stringConcatenatedWith | '<div id="' -endpoint- '">' |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:30:7:34 | "\\">" | stringConcatenatedWith | '<div id="' + tainted -endpoint-  |
@@ -10372,26 +13831,26 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:5:8:10 | "body" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:9 | "<b>" | stringConcatenatedWith |  -endpoint- location.toString() + '</b>' |
@@ -10399,18 +13858,18 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:35:10:40 | "</b>" | stringConcatenatedWith | '<b>' + location.toString() -endpoint-  |
@@ -10418,49 +13877,276 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:13:37:13:39 | 'x' | receiverName | document |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | CalleeFlexibleAccessPath | decodeURIComponent |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:38:14:57 | window.location.hash | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | CalleeFlexibleAccessPath | decodeURIComponent |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:38:15:59 | window. ... .search | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | CalleeFlexibleAccessPath | decodeURIComponent |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | CalleeFlexibleAccessPath | hash.substring |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:20:21:20 | 1 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | CalleeFlexibleAccessPath | hash.substring |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:20:22:20 | 1 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | CalleeFlexibleAccessPath | hash.substring |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:23:22:24 | 10 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | CalleeFlexibleAccessPath | hash.substr |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:17:23:17 | 1 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | CalleeFlexibleAccessPath | hash.slice |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:16:24:16 | 1 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | CalleeFlexibleAccessPath | hash.substring |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:20:25:20 | 0 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | CalleeFlexibleAccessPath | hash.substring |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:23:25:24 | 10 | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | CalleeFlexibleAccessPath | hash.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:18:27:20 | '#' | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | CalleeFlexibleAccessPath | hash.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:23:27:24 | '' | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | CalleeFlexibleAccessPath | window.location.search.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:36:28:38 | '?' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | CalleeFlexibleAccessPath | window.location.search.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:41:28:42 | '' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | CalleeFlexibleAccessPath | hash.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:18:29:20 | '!' | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | CalleeFlexibleAccessPath | hash.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:23:29:24 | '' | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | CalleeFlexibleAccessPath | hash.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:18:30:23 | 'blah' | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | CalleeFlexibleAccessPath | hash.replace |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:26:30:27 | '' | receiverName | hash |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:9 | '<b>' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:9 | '<b>' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:9 | '<b>' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:9 | '<b>' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:9 | '<b>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:9 | '<b>' | stringConcatenatedWith |  -endpoint- hash + '</b>' |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:20:34:25 | '</b>' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:20:34:25 | '</b>' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:20:34:25 | '</b>' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:20:34:25 | '</b>' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:20:34:25 | '</b>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:20:34:25 | '</b>' | stringConcatenatedWith | '<b>' + hash -endpoint-  |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:1:23:1:31 | 'express' | calleeImports |  |
@@ -11957,6 +15643,105 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | enclosingFunctionName |  |
 | autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | fileImports |  |
 | autogenerated/Xss/DomBasedXss/translate.js:11:56:11:61 | 'term' | receiverName | searchParams |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:47:2:49 | 'x' | receiverName | trustedTypes |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:52:2:73 | { creat ...  => x } | receiverName | trustedTypes |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | InputAccessPathFromCallee | 1.createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | assignedToPropName | createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | contextSurroundingFunctionParameters | ()\n(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:66:2:71 | x => x | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | CalleeFlexibleAccessPath | policy1.createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:24:3:34 | window.name | receiverName | policy1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:47:5:49 | 'x' | receiverName | trustedTypes |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:52:5:78 | { creat ... safe' } | receiverName | trustedTypes |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | InputAccessPathFromCallee | 1.createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | assignedToPropName | createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | contextSurroundingFunctionParameters | ()\n(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:66:5:76 | x => 'safe' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | CalleeFlexibleAccessPath | policy2.createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:24:6:34 | window.name | receiverName | policy2 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:47:8:49 | 'x' | receiverName | trustedTypes |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:52:8:73 | { creat ...  => x } | receiverName | trustedTypes |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | CalleeFlexibleAccessPath | trustedTypes.createPolicy |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | InputAccessPathFromCallee | 1.createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | assignedToPropName | createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | contextSurroundingFunctionParameters | ()\n(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:66:8:71 | x => x | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | CalleeFlexibleAccessPath | policy3.createHTML |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:24:9:29 | 'safe' | receiverName | policy3 |
 | autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | CalleeFlexibleAccessPath | document.getElementById |
 | autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst3.js:1:35:1:39 | "foo" | contextFunctionInterfaces |  |
@@ -12095,1751 +15880,2210 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst3.js:15:23:15:29 | data[p] | receiverName | foo |
 | autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:5:5:5:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:35 | "<OPTION value=1>" | stringConcatenatedWith |  -endpoint- document.location.href.substring() + '</OPTION>' |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:37:8:114 | documen ... t=")+8) | stringConcatenatedWith | '<OPTION value=1>' -endpoint- '</OPTION>' |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | CalleeFlexibleAccessPath | document.location.href.substring |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | CalleeFlexibleAccessPath | document.location.href.indexOf |
 | autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:101:8:110 | "default=" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:116:8:126 | "</OPTION>" | stringConcatenatedWith | '<OPTION value=1>' + document.location.href.substring() -endpoint-  |
 | autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:9:18:9:51 | "<OPTIO ... PTION>" | receiverName | document |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:24 | '<div style="width:' | stringConcatenatedWith |  -endpoint- target + 'px">' |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:12:28:12:33 | target | stringConcatenatedWith | '<div style="width:' -endpoint- 'px">' |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:12:37:12:42 | 'px">' | stringConcatenatedWith | '<div style="width:' + target -endpoint-  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:24 | '<div style="width:' | stringConcatenatedWith |  -endpoint- ? + 'px">' |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:14:28:14:34 | +target | stringConcatenatedWith | '<div style="width:' -endpoint- 'px">' |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:14:38:14:43 | 'px">' | stringConcatenatedWith | '<div style="width:' + ? -endpoint-  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:24 | '<div style="width:' | stringConcatenatedWith |  -endpoint- parseInt() + 'px">' |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:15:28:15:43 | parseInt(target) | stringConcatenatedWith | '<div style="width:' -endpoint- 'px">' |
 | autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | CalleeFlexibleAccessPath | parseInt |
 | autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:15:37:15:42 | target | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:15:47:15:52 | 'px">' | stringConcatenatedWith | '<div style="width:' + parseInt() -endpoint-  |
 | autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:18:5:18:10 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | CalleeFlexibleAccessPath | params.get |
 | autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:18:29:18:34 | 'name' | receiverName | params |
 | autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | CalleeFlexibleAccessPath | URLSearchParams |
 | autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:20:42:20:60 | target.substring(1) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | CalleeFlexibleAccessPath | target.substring |
 | autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:20:59:20:59 | 1 | receiverName | target |
 | autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:21:5:21:10 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | CalleeFlexibleAccessPath | searchParams.get |
 | autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:21:35:21:40 | 'name' | receiverName | searchParams |
 | autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | contextSurroundingFunctionParameters | (target) |
 | autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | enclosingFunctionBody | target $ myId html target |
 | autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | enclosingFunctionName | foo |
-| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:26:5:26:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextSurroundingFunctionParameters | (target) |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionBody | target $ myId html target |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionName | foo |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:34:3:34:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:40:3:40:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | CalleeFlexibleAccessPath | baz |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | enclosingFunctionBody | s <div> s </div> |
 | autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | enclosingFunctionName | wrap |
-| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:43:10:43:16 | "<div>" | stringConcatenatedWith |  -endpoint- s + '</div>' |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | enclosingFunctionBody | s <div> s </div> |
 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | enclosingFunctionName | wrap |
-| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:43:20:43:20 | s | stringConcatenatedWith | '<div>' -endpoint- '</div>' |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | enclosingFunctionBody | s <div> s </div> |
 | autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | enclosingFunctionName | wrap |
-| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:43:24:43:31 | "</div>" | stringConcatenatedWith | '<div>' + s -endpoint-  |
 | autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:46:3:46:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | CalleeFlexibleAccessPath | s.substr |
 | autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | enclosingFunctionBody | s s s substr 1  |
 | autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | enclosingFunctionName | chop |
-| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:50:21:50:21 | 1 | receiverName | s |
 | autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:54:3:54:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:56:3:56:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:58:3:58:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | enclosingFunctionBody | s $ myId html s |
 | autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | enclosingFunctionName | dangerouslySetInnerHtml |
-| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:62:5:62:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionBody | s $ myId html s |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionName | dangerouslySetInnerHtml |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:68:3:68:8 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | CalleeFlexibleAccessPath | ?.forEach |
 | autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:70:37:74:1 | functio ... l(x);\\n} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | contextSurroundingFunctionParameters | (x) |
 | autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | enclosingFunctionBody | x x $ myId html x |
 | autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | enclosingFunctionName | forEach#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:73:7:73:12 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextSurroundingFunctionParameters | (x) |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionBody | x x $ myId html x |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionName | forEach#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:77:40:77:73 | {__html ... search} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | CalleeFlexibleAccessPath | angular.module |
 | autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:79:16:79:22 | 'myApp' | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | CalleeFlexibleAccessPath | angular.module |
 | autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:79:25:79:26 | [] | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | CalleeFlexibleAccessPath | angular.module().service |
 | autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:80:14:80:24 | "myService" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | angular.module().service |
 | autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | ($sce, $other) |
-| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:80:27:88:5 | functio ... K\\n    } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsHtml |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsCss |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsUNKNOWN |
 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:83:29:83:52 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | CalleeFlexibleAccessPath | $sce.trustAs |
 | autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:84:22:84:30 | $sce.HTML | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | CalleeFlexibleAccessPath | $sce.trustAs |
 | autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:85:22:85:29 | $sce.CSS | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | CalleeFlexibleAccessPath | $sce.trustAs |
 | autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:86:22:86:28 | UNKNOWN | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs |
 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:86:31:86:54 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | CalleeFlexibleAccessPath | $other.trustAsHtml |
 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:87:28:87:51 | documen ... .search | receiverName | $other |
 | autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | CalleeFlexibleAccessPath | angular.module().service().service |
 | autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:89:14:89:25 | "myService2" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | angular.module().service().service |
 | autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:89:28:92:5 | functio ... K\\n    } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | CalleeFlexibleAccessPath | angular.element |
 | autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:90:25:90:31 | '<div>' | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | CalleeFlexibleAccessPath | angular.element().html |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | CalleeFlexibleAccessPath | angular.element |
 | autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:91:25:91:31 | '<div>' | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | CalleeFlexibleAccessPath | angular.element().html |
 | autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:91:39:91:44 | 'SAFE' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | CalleeFlexibleAccessPath | angular.module().service().service().directive |
 | autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:93:16:93:27 | 'myCustomer' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | angular.module().service().service().directive |
 | autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:93:30:100:5 | functio ... ;\\n    } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | CalleeFlexibleAccessPath | element.html |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextSurroundingFunctionParameters | ()\n(scope, element) |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionBody | link scope element element html document location search element html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionName | directive#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | receiverName | element |
 | autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | CalleeFlexibleAccessPath | element.html |
 | autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | contextSurroundingFunctionParameters | ()\n(scope, element) |
 | autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | enclosingFunctionBody | link scope element element html document location search element html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | enclosingFunctionName | directive#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:97:30:97:35 | 'SAFE' | receiverName | element |
 | autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | CalleeFlexibleAccessPath | angular.module().service().service().directive().service |
 | autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:101:14:101:25 | "myService3" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | angular.module().service().service().directive().service |
 | autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:101:28:104:5 | functio ... K\\n    } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | CalleeFlexibleAccessPath | angular.element |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionBody | angular element document location search angular element SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | CalleeFlexibleAccessPath | angular.element |
 | autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | enclosingFunctionBody | angular element document location search angular element SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:103:25:103:30 | 'SAFE' | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | CalleeFlexibleAccessPath | document.location.search.substr |
 | autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:107:43:107:43 | 1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | CalleeFlexibleAccessPath | ?.test |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | CalleeFlexibleAccessPath | ?.exec |
 | autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:117:25:117:25 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | CalleeFlexibleAccessPath | v.match |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | receiverName | v |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | CalleeFlexibleAccessPath | v.match |
 | autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:127:15:127:22 | "^\\\\d+$" | receiverName | v |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | CalleeFlexibleAccessPath | ?.test |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | CalleeFlexibleAccessPath | ?.test |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | CalleeFlexibleAccessPath | angular.module |
 | autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:146:20:146:26 | 'myApp' | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | CalleeFlexibleAccessPath | angular.module |
 | autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:146:29:146:30 | [] | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | CalleeFlexibleAccessPath | angular.module().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:147:18:147:39 | "xssSou ... ervice" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | CalleeFlexibleAccessPath | angular.module().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:147:42:149:10 | ["xssSi ...      }] | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:147:43:147:59 | "xssSinkService1" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n(xssSinkService1) |
 | autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:147:62:149:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | CalleeFlexibleAccessPath | angular.module().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:150:18:150:34 | "xssSinkService1" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | CalleeFlexibleAccessPath | angular.module().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:150:37:152:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | contextSurroundingFunctionParameters | ()\n()\n(v) |
 | autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:151:35:151:41 | "<div>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:154:18:154:41 | "xssSou ... ervice" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:154:44:156:10 | ["xssSo ...      }] | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:154:45:154:62 | "xssSourceService" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n(xssSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:154:65:156:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | contextSurroundingFunctionParameters | ()\n(xssSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:155:15:155:21 | "<div>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextSurroundingFunctionParameters | ()\n(xssSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:157:18:157:35 | "xssSourceService" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:157:38:159:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:161:18:161:44 | "innoce ... ervice" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:161:47:163:10 | ["xssSi ...      }] | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:161:48:161:64 | "xssSinkService2" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n(xssSinkService2) |
 | autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:161:67:163:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:164:18:164:34 | "xssSinkService2" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:164:37:166:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | contextSurroundingFunctionParameters | ()\n()\n(v) |
 | autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:165:35:165:41 | "<div>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:168:18:168:46 | "innoce ... ervice" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:168:49:170:10 | ["innoc ...      }] | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | fileImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:168:50:168:72 | "innoce ... ervice" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n(innocentSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:168:75:170:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | contextSurroundingFunctionParameters | ()\n(innocentSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:169:15:169:21 | "<div>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextSurroundingFunctionParameters | ()\n(innocentSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:171:18:171:40 | "innoce ... ervice" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | CalleeFlexibleAccessPath | angular.module().factory().factory().factory().factory().factory().factory().factory().factory |
 | autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:171:43:173:9 | functio ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | CalleeFlexibleAccessPath | parser.parseFromString |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionBody | target document location search parser DOMParser parser parseFromString target application/xml |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionName | testDOMParser |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | receiverName | parser |
 | autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | CalleeFlexibleAccessPath | parser.parseFromString |
 | autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | enclosingFunctionBody | target document location search parser DOMParser parser parseFromString target application/xml |
 | autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | enclosingFunctionName | testDOMParser |
-| autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:180:36:180:52 | "application/xml" | receiverName | parser |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | CalleeFlexibleAccessPath | React.createElement |
 | autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:25:199:29 | "div" | receiverName | React |
 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | CalleeFlexibleAccessPath | React.createElement |
 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} | receiverName | React |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | CalleeFlexibleAccessPath | React.createElement |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | InputAccessPathFromCallee | 1.dangerouslySetInnerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:199:58:199:74 | {__html: tainted} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | CalleeFlexibleAccessPath | React.createElement |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | InputAccessPathFromCallee | 1.dangerouslySetInnerHTML.__html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | CalleeFlexibleAccessPath | React.createFactory |
 | autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:25:200:29 | "div" | receiverName | React |
 | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | CalleeFlexibleAccessPath | React.createFactory() |
 | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | CalleeFlexibleAccessPath | React.createFactory() |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | InputAccessPathFromCallee | 0.dangerouslySetInnerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:200:58:200:74 | {__html: tainted} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | CalleeFlexibleAccessPath | React.createFactory() |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | InputAccessPathFromCallee | 0.dangerouslySetInnerHTML.__html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | CalleeFlexibleAccessPath | this.setState |
 | autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | contextSurroundingFunctionParameters | ()\n()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:206:27:206:55 | () => ( ... nted }) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:212:15:212:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:213:15:213:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:214:15:214:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:215:15:215:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | CalleeFlexibleAccessPath | this.setState |
 | autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | contextSurroundingFunctionParameters | ()\n()\n(prevState) |
 | autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:217:27:219:13 | prevSta ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | contextSurroundingFunctionParameters | ()\n()\n(prevState) |
 | autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:218:19:218:24 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState) |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:225:15:225:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:226:15:226:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:227:15:227:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:228:15:228:20 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | CalleeFlexibleAccessPath | this.setState |
 | autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) |
 | autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:230:27:232:13 | (prevSt ...       } | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) |
 | autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:231:19:231:24 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | CalleeFlexibleAccessPath | super |
 | autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | contextSurroundingFunctionParameters | ()\n(props) |
 | autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:246:19:246:23 | props | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | assignedToPropName | dangerouslySetInnerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:251:51:251:83 | {__html ... ainted} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | assignedToPropName | __html |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionBody | $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionName | windowName |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionBody | $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionName | windowName |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionBody | name a b $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionName | windowNameAssigned |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionBody | name a b $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionName | windowNameAssigned |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:280:7:280:12 | "body" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | CalleeFlexibleAccessPath | $().append |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | CalleeFlexibleAccessPath | range.selectNode |
 | autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:287:22:287:65 | documen ... item(0) | receiverName | range |
 | autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | CalleeFlexibleAccessPath | document.getElementsByTagName |
 | autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:287:52:287:56 | "div" | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | CalleeFlexibleAccessPath | document.getElementsByTagName().item |
 | autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:287:64:287:64 | 0 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | CalleeFlexibleAccessPath | range.createContextualFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | receiverName | range |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | CalleeFlexibleAccessPath | document.body.appendChild |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionBody | obj obj Math random window name p obj $ p |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionName | flowThroughPropertyNames |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | enclosingFunctionBody | location e $ body append e location e $ body append e |
 | autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:303:5:303:10 | "body" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | CalleeFlexibleAccessPath | $().append |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | enclosingFunctionBody | location e $ body append e location e $ body append e |
 | autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:311:5:311:10 | "body" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | CalleeFlexibleAccessPath | $().append |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | CalleeFlexibleAccessPath | Handlebars.SafeString |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionBody | Handlebars SafeString location |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionName | handlebarsSafeString |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target length |
 | autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | enclosingFunctionName | test2 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:323:5:323:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionBody | target document location search $ myId html target length |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionName | test2 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:332:5:332:10 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | CalleeFlexibleAccessPath | params.get |
 | autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:332:29:332:34 | 'name' | receiverName | params |
 | autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:335:5:335:10 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | CalleeFlexibleAccessPath | myUrl.get |
 | autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:335:28:335:33 | 'name' | receiverName | myUrl |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionBody | getUrl URL document location $ getUrl hash substring 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionName | hash |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | CalleeFlexibleAccessPath | getUrl().hash.substring |
 | autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | enclosingFunctionBody | getUrl URL document location $ getUrl hash substring 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | enclosingFunctionName | hash |
-| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:343:29:343:29 | 1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | CalleeFlexibleAccessPath | $.jGrowl |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionBody | target document location search $ jGrowl target |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionName | growl |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | receiverName | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | CalleeFlexibleAccessPath | this.html |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:357:20:357:25 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | CalleeFlexibleAccessPath | this.each |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | CalleeFlexibleAccessPath | this.html |
 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | assignedToPropName | innerHTML |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:374:5:374:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:377:5:377:10 | 'myid' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | CalleeFlexibleAccessPath | document.location.href.split |
 | autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:377:47:377:49 | "?" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:384:5:384:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:386:5:386:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:389:5:389:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:392:5:392:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:395:5:395:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:397:5:397:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:402:5:402:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:406:5:406:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:409:5:409:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:412:5:412:10 | 'myId' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | CalleeFlexibleAccessPath | window.location.hash.substr |
 | autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:416:45:416:45 | 1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | CalleeFlexibleAccessPath | window.location.hash.match |
 | autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:419:42:419:54 | /hello (\\w+)/ | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | CalleeFlexibleAccessPath | document.write |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | CalleeFlexibleAccessPath | window.location.hash.split |
 | autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:424:45:424:47 | '#' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:430:5:430:10 | "#foo" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | CalleeFlexibleAccessPath | target.replace |
 | autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:33:430:63 | /<metad ... adata>/ | receiverName | target |
 | autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | CalleeFlexibleAccessPath | target.replace |
 | autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:66:430:88 | '<metad ... adata>' | receiverName | target |
 | autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:432:5:432:10 | "#foo" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | CalleeFlexibleAccessPath | target.replace |
 | autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | InputArgumentIndex | 0 |
-| autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:432:33:432:38 | /<\|>/g | receiverName | target |
 | autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | CalleeFlexibleAccessPath | target.replace |
 | autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | InputArgumentIndex | 1 |
-| autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:432:41:432:42 | '' | receiverName | target |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | CalleeFlexibleAccessPath | Element |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | InputAccessPathFromCallee | ?.html |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | assignedToPropName | html |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | CalleeFlexibleAccessPath | Element().set |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:441:25:441:30 | "html" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | CalleeFlexibleAccessPath | Element().set |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | CalleeFlexibleAccessPath | Element().set |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | CalleeFlexibleAccessPath | Element().set |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | InputAccessPathFromCallee | 0.html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | assignedToPropName | html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | CalleeFlexibleAccessPath | Element().setProperty |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:443:33:443:38 | "html" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | CalleeFlexibleAccessPath | Element().setProperty |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | CalleeFlexibleAccessPath | Element().setProperties |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | CalleeFlexibleAccessPath | Element().setProperties |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | InputAccessPathFromCallee | 0.html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | assignedToPropName | html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | CalleeFlexibleAccessPath | Element().appendHtml |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:449:25:449:38 | 'ansi-to-html' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/DomBasedXss/tst.js:449:25:449:38 | 'ansi-to-html' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:449:25:449:38 | 'ansi-to-html' | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:449:25:449:38 | 'ansi-to-html' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:449:25:449:38 | 'ansi-to-html' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/tst.js:449:25:449:38 | 'ansi-to-html' | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:455:5:455:10 | "#foo" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:456:5:456:10 | "#foo" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | CalleeFlexibleAccessPath | ansiToHtml.toHtml |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | calleeImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:36:456:41 | source | receiverName | ansiToHtml |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | CalleeFlexibleAccessPath | document.getElementById |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:462:39:462:47 | 'mytable' | receiverName | document |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | CalleeFlexibleAccessPath | table.insertRow |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:464:29:464:30 | -1 | receiverName | table |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | CalleeFlexibleAccessPath | document.location.search.substr |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:471:45:471:45 | 1 | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:473:5:473:9 | "<a>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | InputAccessPathFromCallee | 1.href |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | assignedToPropName | href |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:473:34:473:39 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:474:5:474:10 | "#foo" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:474:18:474:23 | "href" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:475:5:475:10 | "#foo" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | InputAccessPathFromCallee | 0.href |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | assignedToPropName | href |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:476:5:476:11 | "<img>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:476:35:476:40 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:477:5:477:9 | "<a>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | InputAccessPathFromCallee | 1.href |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | assignedToPropName | href |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:477:48:477:53 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:479:5:479:11 | "<img>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:479:58:479:63 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:5:481:11 | "<img>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | CalleeFlexibleAccessPath | ?.join |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:52:481:54 | "/" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:68:481:73 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | CalleeFlexibleAccessPath | url.startsWith |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:483:22:483:31 | "https://" | receiverName | url |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:484:7:484:13 | "<img>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:484:37:484:42 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:486:7:486:13 | "<img>" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | CalleeFlexibleAccessPath | $().appendTo |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:486:37:486:42 | "body" | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | CalleeFlexibleAccessPath | window.open |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) | receiverName | window |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | CalleeFlexibleAccessPath | location.hash.substr |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:489:36:489:36 | 1 | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | CalleeFlexibleAccessPath | navigation.navigate |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | receiverName | navigation |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | CalleeFlexibleAccessPath | location.hash.substr |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:491:44:491:44 | 1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | CalleeFlexibleAccessPath | Bloodhound |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | contextFunctionInterfaces | source(query, cb)\nsuggestion(loc)\nsuggestion(val) |
@@ -14293,19 +18537,19 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | contextFunctionInterfaces | onreadystatechange() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | CalleeFlexibleAccessPath | $().ready |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | contextFunctionInterfaces | onreadystatechange() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | CalleeFlexibleAccessPath | xhr.open |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | contextFunctionInterfaces | onreadystatechange() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:14:4:18 | "GET" | receiverName | xhr |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | CalleeFlexibleAccessPath | xhr.open |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | InputArgumentIndex | 1 |
@@ -14313,7 +18557,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | receiverName | xhr |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | CalleeFlexibleAccessPath | xhr.open |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | InputArgumentIndex | 2 |
@@ -14321,7 +18565,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:26:4:29 | true | receiverName | xhr |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | CalleeFlexibleAccessPath | xhr.setRequestHeader |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | InputArgumentIndex | 0 |
@@ -14329,7 +18573,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:26:5:39 | "Content-Type" | receiverName | xhr |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | CalleeFlexibleAccessPath | xhr.setRequestHeader |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | InputArgumentIndex | 1 |
@@ -14337,7 +18581,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:5:42:5:59 | "application/json" | receiverName | xhr |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | CalleeFlexibleAccessPath | JSON.parse |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | InputArgumentIndex | 0 |
@@ -14345,7 +18589,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:8:31:8:46 | xhr.responseText | receiverName | JSON |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | InputArgumentIndex | 0 |
@@ -14353,28 +18597,76 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:11:9:20 | "#myThing" | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | contextFunctionInterfaces | onreadystatechange() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | CalleeFlexibleAccessPath | console.log |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | contextFunctionInterfaces | onreadystatechange() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | receiverName | console |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | CalleeFlexibleAccessPath | $().ready |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | enclosingFunctionBody | got require got resp got get {{ some_url }} json JSON parse resp body $ #myThing html json message |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | enclosingFunctionName | ready#functionalargument |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:25:19:29 | 'got' | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | CalleeFlexibleAccessPath | got.get |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | calleeImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | enclosingFunctionBody | got require got resp got get {{ some_url }} json JSON parse resp body $ #myThing html json message |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | enclosingFunctionName | ready#functionalargument |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:32:20:47 | "{{ some_url }}" | receiverName | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | CalleeFlexibleAccessPath | JSON.parse |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | enclosingFunctionBody | got require got resp got get {{ some_url }} json JSON parse resp body $ #myThing html json message |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | enclosingFunctionName | ready#functionalargument |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:29:21:37 | resp.body | receiverName | JSON |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | enclosingFunctionBody | got require got resp got get {{ some_url }} json JSON parse resp body $ #myThing html json message |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | enclosingFunctionName | ready#functionalargument |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:7:22:16 | "#myThing" | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | enclosingFunctionBody | got require got resp got get {{ some_url }} json JSON parse resp body $ #myThing html json message |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | enclosingFunctionName | ready#functionalargument |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | fileImports | got |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | CalleeFlexibleAccessPath | ajv.addSchema |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | InputArgumentIndex | 0 |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | calleeImports | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:15:7:70 | {type:  ... mber'}} | receiverName | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | CalleeFlexibleAccessPath | ajv.addSchema |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | InputAccessPathFromCallee | 0.type |
@@ -14383,7 +18675,7 @@ tokenFeatures
 | autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | calleeImports | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:7:22:7:29 | 'object' | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | CalleeFlexibleAccessPath | ajv.addSchema |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | InputAccessPathFromCallee | 0.additionalProperties |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | InputArgumentIndex | 0 |
@@ -14391,7 +18683,7 @@ tokenFeatures
 | autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | calleeImports | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:7:54:7:69 | {type: 'number'} | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | CalleeFlexibleAccessPath | ajv.addSchema |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | InputAccessPathFromCallee | 0.additionalProperties.type |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | InputArgumentIndex | 0 |
@@ -14399,27 +18691,27 @@ tokenFeatures
 | autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | calleeImports | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:7:61:7:68 | 'number' | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | CalleeFlexibleAccessPath | ajv.addSchema |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | InputArgumentIndex | 1 |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | calleeImports | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:73:7:82 | 'pollData' | receiverName | ajv |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | CalleeFlexibleAccessPath | app.post |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | calleeImports | express |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:10:9:20 | '/polldata' | receiverName | app |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | CalleeFlexibleAccessPath | app.post |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | calleeImports | express |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | contextFunctionInterfaces |  |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:23:13:1 | (req, r ...     }\\n} | receiverName | app |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | InputArgumentIndex | 0 |
@@ -14427,8 +18719,70 @@ tokenFeatures
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | enclosingFunctionBody | req res ajv validate pollData req body res send ajv errorsText |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | fileImports | ajv express |
+| autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | fileImports | ajv express joi |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() | receiverName | res |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:21:15:25 | "joi" | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:21:15:25 | "joi" | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:21:15:25 | "joi" | calleeImports |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:21:15:25 | "joi" | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:21:15:25 | "joi" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:21:15:25 | "joi" | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | CalleeFlexibleAccessPath | joi.object().keys |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | calleeImports | joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | CalleeFlexibleAccessPath | joi.object().keys |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | InputAccessPathFromCallee | 0.name |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | assignedToPropName | name |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | calleeImports | joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | CalleeFlexibleAccessPath | joi.object().keys |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | InputAccessPathFromCallee | 0.age |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | assignedToPropName | age |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | calleeImports | joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:9:19:14 | 'name' | CalleeFlexibleAccessPath | joi.object().keys().with |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:9:19:14 | 'name' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:9:19:14 | 'name' | calleeImports | joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:9:19:14 | 'name' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:9:19:14 | 'name' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:9:19:14 | 'name' | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:17:19:21 | 'age' | CalleeFlexibleAccessPath | joi.object().keys().with |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:17:19:21 | 'age' | InputArgumentIndex | 1 |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:17:19:21 | 'age' | calleeImports | joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:17:19:21 | 'age' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:17:19:21 | 'age' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:19:17:19:21 | 'age' | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | CalleeFlexibleAccessPath | app.post |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | calleeImports | express |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:10:21:20 | '/votedata' | receiverName | app |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | CalleeFlexibleAccessPath | app.post |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | calleeImports | express |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:23:26:1 | (req, r ...     }\\n} | receiverName | app |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | enclosingFunctionBody | req res val joiSchema validate req body val error res send val error |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:18:24:26 | val.error | receiverName | res |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | CalleeFlexibleAccessPath | unknown |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | InputArgumentIndex | 0 |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x | contextFunctionInterfaces | deep(x)\ndeep2(x)\ninner(tainted, resolve)\ninner(x)\nmyWeirdInner(x)\nsafe(x) |
@@ -15193,722 +19547,743 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:1:23:1:31 | 'express' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:9:5:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:5:22:14:1 | functio ... ;\\n  }\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | enclosingFunctionBody | req res isValidUserId req params id res send Unknown user:  req params id moreBadStuff req params res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | contextSurroundingFunctionParameters | (params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | enclosingFunctionBody | params res res send Unknown user:  params id |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | enclosingFunctionName | moreBadStuff |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:20:22:20:29 | "marked" | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:9:21:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:21:22:24:1 | functio ... OT OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | enclosingFunctionBody | req res res send req body res send marked req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:22:12:22:19 | req.body | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | enclosingFunctionBody | req res res send req body res send marked req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:12:23:27 | marked(req.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | CalleeFlexibleAccessPath | marked |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | calleeImports | marked |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | enclosingFunctionBody | req res res send req body res send marked req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:23:19:23:26 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:27:21:27:36 | 'markdown-table' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:9:28:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:28:22:35:1 | functio ... OT OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:29:12:29:19 | req.body | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | CalleeFlexibleAccessPath | table |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | calleeImports | markdown-table |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:30:23:33:3 | [\\n    [ ... dy]\\n  ] | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:5:31:23 | ['Name', 'Content'] | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:6:31:11 | 'Name' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:31:14:31:22 | 'Content' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:5:32:22 | ['body', req.body] | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:6:32:11 | 'body' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:32:14:32:21 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | enclosingFunctionBody | req res res send req body mytable table Name Content body req body res send mytable |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:34:12:34:18 | mytable | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:37:25:37:34 | 'showdown' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:9:40:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:40:22:43:1 | functio ... OT OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | enclosingFunctionBody | req res res send req body res send converter makeHtml req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:41:12:41:19 | req.body | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | enclosingFunctionBody | req res res send req body res send converter makeHtml req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:12:42:39 | convert ... q.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | CalleeFlexibleAccessPath | converter.makeHtml |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | calleeImports | showdown |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | enclosingFunctionBody | req res res send req body res send converter makeHtml req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:42:31:42:38 | req.body | receiverName | converter |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:45:23:45:31 | 'unified' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:46:24:46:37 | 'remark-parse' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:47:29:47:43 | 'remark-rehype' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:48:19:48:35 | 'rehype-document' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:49:22:49:36 | 'rehype-format' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:12:50:38 | require ... ngify') | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:50:20:50:37 | 'rehype-stringify' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:51:22:51:29 | "remark" | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:52:24:52:40 | "rehype-sanitize" | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:53:37:53:46 | 'showdown' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:9:55:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:55:22:77:1 | functio ... \\n  })\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:56:12:56:19 | req.body | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | CalleeFlexibleAccessPath | unified().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:59:10:59:17 | markdown | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | CalleeFlexibleAccessPath | unified().use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:60:10:60:22 | remark2rehype | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | CalleeFlexibleAccessPath | unified().use().use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:10:61:12 | doc | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | CalleeFlexibleAccessPath | unified().use().use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:15:61:31 | { title: '\\u1f44b\\udc4b\\u1f30d\\udf0d' } | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | CalleeFlexibleAccessPath | unified().use().use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | InputAccessPathFromCallee | 1.title |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | assignedToPropName | title |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:61:24:61:29 | '\\u1f44b\\udc4b\\u1f30d\\udf0d' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | CalleeFlexibleAccessPath | unified().use().use().use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:62:10:62:15 | format | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | CalleeFlexibleAccessPath | unified().use().use().use().use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:63:10:63:13 | html | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | CalleeFlexibleAccessPath | unified().use().use().use().use().use().process |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:14:64:21 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | unified().use().use().use().use().use().process |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | (req, res)\n(err, file) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:64:24:66:5 | functio ... K\\n    } | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | contextSurroundingFunctionParameters | (req, res)\n(err, file) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:65:16:65:19 | file | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:12:68:52 | remark( ... tring() | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | CalleeFlexibleAccessPath | remark().processSync |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | calleeImports | remark |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:68:33:68:40 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:12:70:66 | remark( ... tring() | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | CalleeFlexibleAccessPath | remark().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | calleeImports | remark |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:25:70:32 | sanitize | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | CalleeFlexibleAccessPath | remark().use().processSync |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | calleeImports | remark |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:70:47:70:54 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:12:72:65 | unified ... oString | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | CalleeFlexibleAccessPath | unified().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:26:72:33 | markdown | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | CalleeFlexibleAccessPath | unified().use().processSync |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | calleeImports | unified |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:72:48:72:55 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | CalleeFlexibleAccessPath | remark().process |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | calleeImports | remark |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:20:74:27 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | CalleeFlexibleAccessPath | remark().process |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | calleeImports | remark |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res)\n(e, f) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:74:30:76:3 | (e, f)  ...  OK\\n  } | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | contextSurroundingFunctionParameters | (req, res)\n(e, f) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | enclosingFunctionBody | req res res send req body unified use markdown use remark2rehype use doc title \ud83d\udc4b\ud83c\udf0d use format use html process req body err file res send file res send remark processSync req body toString res send remark use sanitize processSync req body toString res send unified use markdown processSync req body toString remark process req body e f res send f |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:75:14:75:14 | f | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:80:26:80:36 | "snarkdown" | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:9:82:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:82:22:86:1 | functio ... OT OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | enclosingFunctionBody | req res res send req body res send snarkdown req body res send snarkdown2 req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:83:12:83:19 | req.body | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | enclosingFunctionBody | req res res send req body res send snarkdown req body res send snarkdown2 req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | CalleeFlexibleAccessPath | snarkdown |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | calleeImports | snarkdown |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | enclosingFunctionBody | req res res send req body res send snarkdown req body res send snarkdown2 req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:84:22:84:29 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | enclosingFunctionBody | req res res send req body res send snarkdown req body res send snarkdown2 req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | CalleeFlexibleAccessPath | snarkdown2 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | calleeImports | snarkdown |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | enclosingFunctionBody | req res res send req body res send snarkdown req body res send snarkdown2 req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:85:23:85:30 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:28:88:40 | 'markdown-it' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:88:43:90:1 | {\\n  html: true\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | InputAccessPathFromCallee | 0.html |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | assignedToPropName | html |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:89:9:89:12 | true | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:29:91:41 | 'markdown-it' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:91:44:91:45 | {} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:29:93:41 | 'markdown-it' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:44:93:55 | {html: true} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | InputAccessPathFromCallee | 0.html |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | assignedToPropName | html |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:93:51:93:54 | true | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | CalleeFlexibleAccessPath | import(!)().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:8:94:41 | require ... ghtjs') | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:94:16:94:40 | 'markdo ... ightjs' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:9:96:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | calleeImports | express |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:96:22:104:1 | functio ... OT OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:97:12:97:19 | req.body | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:12:98:38 | markdow ... q.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | CalleeFlexibleAccessPath | markdownIt.render |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:98:30:98:37 | req.body | receiverName | markdownIt |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:12:99:39 | markdow ... q.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | CalleeFlexibleAccessPath | markdownIt2.render |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body | receiverName | markdownIt2 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:12:100:39 | markdow ... q.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | CalleeFlexibleAccessPath | markdownIt3.render |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:100:31:100:38 | req.body | receiverName | markdownIt3 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:12:102:76 | markdow ... q.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | CalleeFlexibleAccessPath | markdownIt.use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:27:102:58 | require ... tizer') | receiverName | markdownIt |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:35:102:57 | 'markdo ... itizer' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | CalleeFlexibleAccessPath | markdownIt.use().render |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | InputArgumentIndex | 0 |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) | receiverName | res |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | CalleeFlexibleAccessPath | markdownIt.use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') | receiverName | markdownIt |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | calleeImports |  |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:35:103:52 | 'markdown-it-abbr' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | CalleeFlexibleAccessPath | markdownIt.use().use |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:60:103:66 | unknown | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | CalleeFlexibleAccessPath | markdownIt.use().use().render |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | calleeImports | markdown-it |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | contextFunctionInterfaces | moreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | enclosingFunctionBody | req res res send req body res send markdownIt render req body res send markdownIt2 render req body res send markdownIt3 render req body res send markdownIt use require markdown-it-sanitizer render req body res send markdownIt use require markdown-it-abbr use unknown render req body |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | fileImports | express markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:76:103:83 | req.body | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:20:106:25 | 'hapi' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:20:106:25 | 'hapi' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:20:106:25 | 'hapi' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:20:106:25 | 'hapi' | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:20:106:25 | 'hapi' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:20:106:25 | 'hapi' | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | CalleeFlexibleAccessPath | hapi.route |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | calleeImports | hapi |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:12:111:6 | {\\n    h ... \\n    }} | receiverName | hapi |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | hapi.route |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | InputAccessPathFromCallee | 0.handler |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | assignedToPropName | handler |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | calleeImports | hapi |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | contextFunctionInterfaces | handler(request)\nmoreBadStuff(params, res) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | (request) |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:109:14:111:5 | functio ... K\\n    } | fileImports | express hapi markdown-it markdown-it-abbr markdown-it-highlightjs markdown-it-sanitizer markdown-table marked rehype-document rehype-format rehype-sanitize rehype-stringify remark remark-parse remark-rehype showdown snarkdown unified |
 | autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:23:1:31 | 'express' | calleeImports |  |
@@ -17088,6 +21463,77 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/formatting.js:7:49:7:52 | evil | enclosingFunctionBody | req res evil req query evil res send console log <div>%s</div> evil res send util format <div>%s</div> evil res send require printf <div>%s</div> evil |
 | autogenerated/Xss/ReflectedXss/formatting.js:7:49:7:52 | evil | enclosingFunctionName | get#functionalargument |
 | autogenerated/Xss/ReflectedXss/formatting.js:7:49:7:52 | evil | fileImports | express printf |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:26:1:38 | "live-server" | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:26:1:38 | "live-server" | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:26:1:38 | "live-server" | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:26:1:38 | "live-server" | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:26:1:38 | "live-server" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:26:1:38 | "live-server" | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | CalleeFlexibleAccessPath | res.end |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | enclosingFunctionName |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:13:6:50 | `<html> ... /html>` | receiverName | res |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:14:6:25 | <html><body> | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:14:6:25 | <html><body> | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:14:6:25 | <html><body> | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:14:6:25 | <html><body> | enclosingFunctionName |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:14:6:25 | <html><body> | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:14:6:25 | <html><body> | stringConcatenatedWith |  -endpoint- tainted + '</body></html>' |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted | enclosingFunctionName |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted | stringConcatenatedWith | '<html><body>' -endpoint- '</body></html>' |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:36:6:49 | </body></html> | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:36:6:49 | </body></html> | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:36:6:49 | </body></html> | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:36:6:49 | </body></html> | enclosingFunctionName |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:36:6:49 | </body></html> | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:36:6:49 | </body></html> | stringConcatenatedWith | '<html><body>' + tainted -endpoint-  |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:17:13:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | middleware.push |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:17:13:1 | functio ... OT OK\\n} | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:17:13:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:17:13:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:17:13:1 | functio ... OT OK\\n} | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:17:13:1 | functio ... OT OK\\n} | receiverName | middleware |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | CalleeFlexibleAccessPath | res.end |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | enclosingFunctionName | middleware.push#functionalargument |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:13:12:50 | `<html> ... /html>` | receiverName | res |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:14:12:25 | <html><body> | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:14:12:25 | <html><body> | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:14:12:25 | <html><body> | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:14:12:25 | <html><body> | enclosingFunctionName | middleware.push#functionalargument |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:14:12:25 | <html><body> | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:14:12:25 | <html><body> | stringConcatenatedWith |  -endpoint- tainted + '</body></html>' |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted | enclosingFunctionName | middleware.push#functionalargument |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted | stringConcatenatedWith | '<html><body>' -endpoint- '</body></html>' |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:36:12:49 | </body></html> | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:36:12:49 | </body></html> | contextSurroundingFunctionParameters | (req, res, next) |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:36:12:49 | </body></html> | enclosingFunctionBody | req res next tainted req url res end <html><body> tainted </body></html> |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:36:12:49 | </body></html> | enclosingFunctionName | middleware.push#functionalargument |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:36:12:49 | </body></html> | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:36:12:49 | </body></html> | stringConcatenatedWith | '<html><body>' + tainted -endpoint-  |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | CalleeFlexibleAccessPath | liveServer.start |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | calleeImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | fileImports | live-server |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:18:18:23 | params | receiverName | liveServer |
 | autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:14:2:20 | req.url | contextFunctionInterfaces | handler(req, res) |
@@ -17441,20 +21887,20 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | calleeImports |  |
 | autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:1:23:1:31 | 'express' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | calleeImports | express |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:9:5:19 | '/user/:id' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | calleeImports | express |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:5:22:9:1 | functio ... OT OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | InputArgumentIndex | 0 |
@@ -17462,7 +21908,7 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | enclosingFunctionBody | req res p q r req params res send p res send r |
 | autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:7:12:7:12 | p | receiverName | res |
 | autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | InputArgumentIndex | 0 |
@@ -17470,21 +21916,21 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | enclosingFunctionBody | req res p q r req params res send p res send r |
 | autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:8:12:8:12 | r | receiverName | res |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | InputArgumentIndex | 0 |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | calleeImports | express |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | contextFunctionInterfaces |  |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:9:13:14 | '/bar' | receiverName | app |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | CalleeFlexibleAccessPath | app.get |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | InputArgumentIndex | 1 |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | calleeImports | express |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | contextFunctionInterfaces |  |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:13:17:24:1 | functio ... // OK\\n} | receiverName | app |
 | autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | InputArgumentIndex | 0 |
@@ -17492,7 +21938,7 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | enclosingFunctionBody | req res p req params p aKnownValue res send p res send p p aKnownValue res send p res send p |
 | autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:17:14:17:14 | p | receiverName | res |
 | autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | InputArgumentIndex | 0 |
@@ -17500,7 +21946,7 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | enclosingFunctionBody | req res p req params p aKnownValue res send p res send p p aKnownValue res send p res send p |
 | autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:18:12:18:12 | p | receiverName | res |
 | autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | InputArgumentIndex | 0 |
@@ -17508,7 +21954,7 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | enclosingFunctionBody | req res p req params p aKnownValue res send p res send p p aKnownValue res send p res send p |
 | autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:21:14:21:14 | p | receiverName | res |
 | autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | CalleeFlexibleAccessPath | res.send |
 | autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | InputArgumentIndex | 0 |
@@ -17516,8 +21962,369 @@ tokenFeatures
 | autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | enclosingFunctionBody | req res p req params p aKnownValue res send p res send p p aKnownValue res send p res send p |
 | autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | fileImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
 | autogenerated/Xss/ReflectedXss/tst2.js:23:14:23:14 | p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:23:27:29 | 'clone' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:23:27:29 | 'clone' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:23:27:29 | 'clone' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:23:27:29 | 'clone' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:23:27:29 | 'clone' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:23:27:29 | 'clone' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:9:29:14 | '/baz' | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:17:38:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | CalleeFlexibleAccessPath | clone |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | calleeImports | clone |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | enclosingFunctionBody | req res p req params obj obj p p other clone obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:21:34:23 | obj | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | enclosingFunctionBody | req res p req params obj obj p p other clone obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:12:36:12 | p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | enclosingFunctionBody | req res p req params obj obj p p other clone obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:12:37:18 | other.p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:37:40:58 | 'serial ... script' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:37:40:58 | 'serial ... script' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:37:40:58 | 'serial ... script' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:37:40:58 | 'serial ... script' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:37:40:58 | 'serial ... script' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:37:40:58 | 'serial ... script' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:9:42:14 | '/baz' | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:17:52:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | CalleeFlexibleAccessPath | serializeJavaScript |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | calleeImports | serialize-javascript |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | enclosingFunctionBody | req res p req params serialized serializeJavaScript p res send serialized unsafe serializeJavaScript p unsafe true res send unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:40:45:40 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | enclosingFunctionBody | req res p req params serialized serializeJavaScript p res send serialized unsafe serializeJavaScript p unsafe true res send unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:12:47:21 | serialized | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | CalleeFlexibleAccessPath | serializeJavaScript |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | calleeImports | serialize-javascript |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | enclosingFunctionBody | req res p req params serialized serializeJavaScript p res send serialized unsafe serializeJavaScript p unsafe true res send unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:36:49:36 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | CalleeFlexibleAccessPath | serializeJavaScript |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | calleeImports | serialize-javascript |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | enclosingFunctionBody | req res p req params serialized serializeJavaScript p res send serialized unsafe serializeJavaScript p unsafe true res send unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:39:49:52 | {unsafe: true} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | CalleeFlexibleAccessPath | serializeJavaScript |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | InputAccessPathFromCallee | 1.unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | assignedToPropName | unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | calleeImports | serialize-javascript |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | enclosingFunctionBody | req res p req params serialized serializeJavaScript p res send serialized unsafe serializeJavaScript p unsafe true res send unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:48:49:51 | true | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | enclosingFunctionBody | req res p req params serialized serializeJavaScript p res send serialized unsafe serializeJavaScript p unsafe true res send unsafe |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:12:51:17 | unsafe | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:24:54:31 | 'fclone' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:24:54:31 | 'fclone' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:24:54:31 | 'fclone' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:24:54:31 | 'fclone' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:24:54:31 | 'fclone' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:24:54:31 | 'fclone' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:9:56:14 | '/baz' | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:17:65:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | CalleeFlexibleAccessPath | fclone |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | calleeImports | fclone |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | enclosingFunctionBody | req res p req params obj obj p p other fclone obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:22:61:24 | obj | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | enclosingFunctionBody | req res p req params obj obj p p other fclone obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:12:63:12 | p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | enclosingFunctionBody | req res p req params obj obj p p other fclone obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:12:64:18 | other.p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:20:67:31 | 'json-cycle' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:20:67:31 | 'json-cycle' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:20:67:31 | 'json-cycle' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:20:67:31 | 'json-cycle' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:20:67:31 | 'json-cycle' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:20:67:31 | 'json-cycle' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:9:68:14 | '/baz' | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:17:77:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | CalleeFlexibleAccessPath | jc.retrocycle |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | calleeImports | json-cycle |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | enclosingFunctionBody | req res p req params obj obj p p other jc retrocycle jc decycle obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) | receiverName | jc |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | CalleeFlexibleAccessPath | jc.decycle |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | calleeImports | json-cycle |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | enclosingFunctionBody | req res p req params obj obj p p other jc retrocycle jc decycle obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:40:73:42 | obj | receiverName | jc |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | enclosingFunctionBody | req res p req params obj obj p p other jc retrocycle jc decycle obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:12:75:12 | p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | enclosingFunctionBody | req res p req params obj obj p p other jc retrocycle jc decycle obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:12:76:18 | other.p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:26:79:36 | 'sort-keys' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:26:79:36 | 'sort-keys' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:26:79:36 | 'sort-keys' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:26:79:36 | 'sort-keys' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:26:79:36 | 'sort-keys' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:26:79:36 | 'sort-keys' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:9:81:14 | '/baz' | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:17:90:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | CalleeFlexibleAccessPath | sortKeys |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | calleeImports | sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | enclosingFunctionBody | req res p req params obj obj p p other sortKeys obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:24:86:26 | obj | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | enclosingFunctionBody | req res p req params obj obj p p other sortKeys obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:12:88:12 | p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | enclosingFunctionBody | req res p req params obj obj p p other sortKeys obj res send p res send other p |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | fileImports | clone express fclone json-cycle serialize-javascript sort-keys |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:12:89:18 | other.p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:23:1:31 | 'express' | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:23:1:31 | 'express' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:23:1:31 | 'express' | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | CalleeFlexibleAccessPath | app.enable |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:12:4:25 | 'x-powered-by' | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:36:4:49 | 'x-powered-by' | CalleeFlexibleAccessPath | app.enable().disable |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:36:4:49 | 'x-powered-by' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:36:4:49 | 'x-powered-by' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:36:4:49 | 'x-powered-by' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:36:4:49 | 'x-powered-by' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:36:4:49 | 'x-powered-by' | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:56:4:58 | '/' | CalleeFlexibleAccessPath | app.enable().disable().get |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:56:4:58 | '/' | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:56:4:58 | '/' | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:56:4:58 | '/' | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:56:4:58 | '/' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:56:4:58 | '/' | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:61:7:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.enable().disable().get |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:61:7:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:61:7:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:61:7:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:61:7:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:61:7:1 | functio ... OT OK\\n} | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | enclosingFunctionBody | req res p req params res send p |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | enclosingFunctionName | get#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:12:6:12 | p | receiverName | res |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:26:9:35 | "prettier" | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:26:9:35 | "prettier" | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:26:9:35 | "prettier" | calleeImports |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:26:9:35 | "prettier" | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:26:9:35 | "prettier" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:26:9:35 | "prettier" | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | CalleeFlexibleAccessPath | app.post |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:10:10:17 | "foobar" | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | CalleeFlexibleAccessPath | app.post |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | calleeImports | express |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | contextSurroundingFunctionParameters | (reg, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:20:13:1 | functio ... OT OK\\n} | receiverName | app |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | calleeImports | prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | contextSurroundingFunctionParameters | (reg, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | enclosingFunctionBody | reg res code prettier format reg body semi false parser babel res send code |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:32:11:39 | reg.body | receiverName | prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | calleeImports | prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | contextSurroundingFunctionParameters | (reg, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | enclosingFunctionBody | reg res code prettier format reg body semi false parser babel res send code |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:42:11:73 | { semi: ... abel" } | receiverName | prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | InputAccessPathFromCallee | 1.semi |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | assignedToPropName | semi |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | calleeImports | prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | contextSurroundingFunctionParameters | (reg, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | enclosingFunctionBody | reg res code prettier format reg body semi false parser babel res send code |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:50:11:54 | false | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | CalleeFlexibleAccessPath | prettier.format |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | InputAccessPathFromCallee | 1.parser |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | InputArgumentIndex | 1 |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | assignedToPropName | parser |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | calleeImports | prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | contextSurroundingFunctionParameters | (reg, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | enclosingFunctionBody | reg res code prettier format reg body semi false parser babel res send code |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:65:11:71 | "babel" | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | CalleeFlexibleAccessPath | res.send |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | InputArgumentIndex | 0 |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | contextFunctionInterfaces |  |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | contextSurroundingFunctionParameters | (reg, res) |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | enclosingFunctionBody | reg res code prettier format reg body semi false parser babel res send code |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | fileImports | express prettier |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:12:12:15 | code | receiverName | res |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | InputArgumentIndex | 0 |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:1:20:1:25 | 'http' | calleeImports |  |
@@ -17735,29 +22542,29 @@ tokenFeatures
 | autogenerated/Xss/StoredXss/xss-through-torrent.js:7:11:7:14 | name | receiverName | res |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | CalleeFlexibleAccessPath | define |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextSurroundingFunctionParameters | (factory) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | contextSurroundingFunctionParameters | (factory) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:11:3:18 | 'jquery' | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | contextSurroundingFunctionParameters | (factory) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:21:3:31 | 'jquery-ui' | fileImports | jquery jquery-ui |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | CalleeFlexibleAccessPath | define |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | contextSurroundingFunctionParameters | (factory) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:35:3:41 | factory | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | contextSurroundingFunctionParameters | ($) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:14 | "<span>" | enclosingFunctionName |  |
@@ -17766,12 +22573,12 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | calleeImports | jquery |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextSurroundingFunctionParameters | ($) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | fileImports | jquery jquery-ui |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | contextSurroundingFunctionParameters | ($) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") | enclosingFunctionName |  |
@@ -17780,502 +22587,1023 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | CalleeFlexibleAccessPath | $.trim |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | calleeImports | jquery |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | contextSurroundingFunctionParameters | ($) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | fileImports | jquery jquery-ui |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:25:8:29 | "foo" | receiverName | $ |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | contextSurroundingFunctionParameters | ($) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | fileImports | jquery jquery-ui |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:34:8:42 | "</span>" | stringConcatenatedWith | '<span>' + $.trim() -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:7:12:12 | "#foo" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:27 | "<span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:27 | "<span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:27 | "<span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:27 | "<span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:27 | "<span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:27 | "<span>" | stringConcatenatedWith |  -endpoint- options.foo + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:31:12:41 | options.foo | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:31:12:41 | options.foo | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:31:12:41 | options.foo | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:31:12:41 | options.foo | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:31:12:41 | options.foo | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:31:12:41 | options.foo | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:45:12:53 | "</span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:45:12:53 | "</span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:45:12:53 | "</span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:45:12:53 | "</span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:45:12:53 | "</span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:45:12:53 | "</span>" | stringConcatenatedWith | '<span>' + options.foo -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:7:14:12 | "#foo" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:27 | "<span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:27 | "<span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:27 | "<span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:27 | "<span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:27 | "<span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:27 | "<span>" | stringConcatenatedWith |  -endpoint- stuff + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:31:14:35 | stuff | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:31:14:35 | stuff | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:31:14:35 | stuff | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:31:14:35 | stuff | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:31:14:35 | stuff | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:31:14:35 | stuff | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:39:14:47 | "</span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:39:14:47 | "</span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:39:14:47 | "</span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:39:14:47 | "</span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:39:14:47 | "</span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:39:14:47 | "</span>" | stringConcatenatedWith | '<span>' + stuff -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:25 | "<span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:25 | "<span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:25 | "<span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:25 | "<span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:25 | "<span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:25 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:41 | "<span> ... /span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:41 | "<span> ... /span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:18:2:41 | "<span> ... /span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:29:2:29 | s | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:29:2:29 | s | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:29:2:29 | s | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:29:2:29 | s | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:29:2:29 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:33:2:41 | "</span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:33:2:41 | "</span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:33:2:41 | "</span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:33:2:41 | "</span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:33:2:41 | "</span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:2:33:2:41 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | CalleeFlexibleAccessPath | document.querySelector |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:28:3:34 | "#html" | receiverName | document |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:25 | "<span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:25 | "<span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:25 | "<span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:25 | "<span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:25 | "<span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:25 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:29:2:29 | s | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:29:2:29 | s | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:29:2:29 | s | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:29:2:29 | s | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:29:2:29 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:33:2:41 | "</span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:33:2:41 | "</span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:33:2:41 | "</span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:33:2:41 | "</span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:33:2:41 | "</span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:2:33:2:41 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | CalleeFlexibleAccessPath | document.querySelector |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:28:3:34 | "#html" | receiverName | document |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:25 | "<span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:25 | "<span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:25 | "<span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:25 | "<span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:25 | "<span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:25 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:18:2:41 | "<span> ... /span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:29:2:29 | s | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:29:2:29 | s | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:29:2:29 | s | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:29:2:29 | s | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:29:2:29 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:33:2:41 | "</span>" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:33:2:41 | "</span>" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:33:2:41 | "</span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:33:2:41 | "</span>" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:33:2:41 | "</span>" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:2:33:2:41 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | CalleeFlexibleAccessPath | document.querySelector |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:28:3:34 | "#html" | receiverName | document |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:25 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:18:2:41 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:29:2:29 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:2:33:2:41 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:28:3:34 | "#html" | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | CalleeFlexibleAccessPath | DOMParser().parseFromString |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:52:7:61 | "text/xml" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:28:8:33 | "#xml" | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | CalleeFlexibleAccessPath | document.querySelector().appendChild |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | CalleeFlexibleAccessPath | DOMParser().parseFromString |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:52:12:61 | "text/xml" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | CalleeFlexibleAccessPath | document.createElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:15:40:15:45 | 'span' | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | CalleeFlexibleAccessPath | tmp.appendChild |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | receiverName | tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:28:17:33 | "#xml" | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | CalleeFlexibleAccessPath | document.querySelector().appendChild |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:26:20:38 | 'markdown-it' | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | calleeImports | markdown-it |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:41:20:52 | {html: true} | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | CalleeFlexibleAccessPath | import(!) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | InputAccessPathFromCallee | 0.html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | assignedToPropName | html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | calleeImports | markdown-it |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:20:48:20:51 | true | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | enclosingFunctionName | xssThroughMarkdown |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:18:22:35 | markdown.render(s) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | CalleeFlexibleAccessPath | markdown.render |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | calleeImports | markdown-it |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | enclosingFunctionName | xssThroughMarkdown |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:22:34:22:34 | s | receiverName | markdown |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | enclosingFunctionName | xssThroughMarkdown |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:28:23:38 | "#markdown" | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionName | xssThroughMarkdown |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:26:27:26:37 | 'striptags' | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | assignedToPropName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | contextSurroundingFunctionParameters | (s) |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:27:32:30:1 | functio ... html;\\n} | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:18:28:52 | stripta ... span>") | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:28:28:35 | "<span>" | stringConcatenatedWith |  -endpoint- s + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:39:28:39 | s | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:28:43:28:51 | "</span>" | stringConcatenatedWith | '<span>' + s -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:28:29:39 | "#sanitized" | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:32:29:32:37 | "./typed" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | contextSurroundingFunctionParameters |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:34:33:34:49 | "./jquery-plugin" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionName | plainDOMXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | CalleeFlexibleAccessPath | DOMParser().parseFromString |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | enclosingFunctionName | plainDOMXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:52:37:61 | "text/xml" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:32:47:39 | "#class" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:61 | "<span>" | stringConcatenatedWith |  -endpoint- this.step + '</span>' |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:65:47:73 | this.step | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:77:47:85 | "</span>" | stringConcatenatedWith | '<span>' + this.step -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextSurroundingFunctionParameters | (options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | receiverName | $ |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextSurroundingFunctionParameters | (options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | receiverName | $ |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | this.each |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:15 | "<b>" | stringConcatenatedWith |  -endpoint- settings.name + '</b>' |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:19:62:31 | settings.name | stringConcatenatedWith | '<b>' -endpoint- '</b>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:35:62:40 | "</b>" | stringConcatenatedWith | '<b>' + settings.name -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | CalleeFlexibleAccessPath | $().appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:28:67:32 | "#id" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:59 | "<img alt=\\"" | stringConcatenatedWith |  -endpoint- attrVal + '"/>' |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:63:67:69 | attrVal | stringConcatenatedWith | '<img alt="' -endpoint- '"/>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:73:67:78 | "\\"/>" | stringConcatenatedWith | '<img alt="' + attrVal -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:28:68:32 | "#id" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:59 | "<img alt=\\"" | stringConcatenatedWith |  -endpoint- attrVal.replace() + '"/>' |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:63:68:89 | attrVal ... /g, "") | stringConcatenatedWith | '<img alt="' -endpoint- '"/>' |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | CalleeFlexibleAccessPath | attrVal.replace |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:79:68:84 | /"\|'/g | receiverName | attrVal |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | CalleeFlexibleAccessPath | attrVal.replace |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:87:68:88 | "" | receiverName | attrVal |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:93:68:98 | "\\"/>" | stringConcatenatedWith | '<img alt="' + attrVal.replace() -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | CalleeFlexibleAccessPath | attrVal.indexOf |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:25:69:28 | "\\"" | receiverName | attrVal |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | CalleeFlexibleAccessPath | attrVal.indexOf |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:57:69:59 | "'" | receiverName | attrVal |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:32:70:36 | "#id" | receiverName | document |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:63 | "<img alt=\\"" | stringConcatenatedWith |  -endpoint- attrVal + '"/>' |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:67:70:73 | attrVal | stringConcatenatedWith | '<img alt="' -endpoint- '"/>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:77:70:82 | "\\"/>" | stringConcatenatedWith | '<img alt="' + attrVal -endpoint-  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:25 | "<span>" | stringConcatenatedWith |  -endpoint- obj.spanTemplate + '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:18:75:56 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:29:75:44 | obj.spanTemplate | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:75:48:75:56 | "</span>" | stringConcatenatedWith | '<span>' + obj.spanTemplate -endpoint-  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | CalleeFlexibleAccessPath | document.querySelector |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:28:76:38 | "#template" | receiverName | document |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | assignedToPropName | innerHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:11:81:16 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:31 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:31 | "<span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:31 | "<span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:31 | "<span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:31 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:31 | "<span>" | stringConcatenatedWith |  -endpoint- val + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:35:81:37 | val | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:35:81:37 | val | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:35:81:37 | val | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:35:81:37 | val | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:35:81:37 | val | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:35:81:37 | val | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:41:81:49 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:41:81:49 | "</span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:41:81:49 | "</span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:41:81:49 | "</span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:41:81:49 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:41:81:49 | "</span>" | stringConcatenatedWith | '<span>' + val -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:11:83:16 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:31 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:31 | "<span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:31 | "<span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:31 | "<span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:31 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:31 | "<span>" | stringConcatenatedWith |  -endpoint- val + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:35:83:37 | val | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:35:83:37 | val | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:35:83:37 | val | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:35:83:37 | val | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:35:83:37 | val | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:35:83:37 | val | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:41:83:49 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:41:83:49 | "</span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:41:83:49 | "</span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:41:83:49 | "</span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:41:83:49 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:41:83:49 | "</span>" | stringConcatenatedWith | '<span>' + val -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:11:85:16 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:31 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:31 | "<span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:31 | "<span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:31 | "<span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:31 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:31 | "<span>" | stringConcatenatedWith |  -endpoint- val + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:35:85:37 | val | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:35:85:37 | val | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:35:85:37 | val | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:35:85:37 | val | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:35:85:37 | val | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:35:85:37 | val | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:41:85:49 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:41:85:49 | "</span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:41:85:49 | "</span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:41:85:49 | "</span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:41:85:49 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:41:85:49 | "</span>" | stringConcatenatedWith | '<span>' + val -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:12:90:19 | "<span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:12:90:19 | "<span>" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:12:90:19 | "<span>" | enclosingFunctionBody | x <span> x </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:12:90:19 | "<span>" | enclosingFunctionName | createHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:12:90:19 | "<span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:12:90:19 | "<span>" | stringConcatenatedWith |  -endpoint- x + '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:23:90:23 | x | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:23:90:23 | x | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:23:90:23 | x | enclosingFunctionBody | x <span> x </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:23:90:23 | x | enclosingFunctionName | createHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:23:90:23 | x | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:23:90:23 | x | stringConcatenatedWith | '<span>' -endpoint- '</span>' |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:27:90:35 | "</span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:27:90:35 | "</span>" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:27:90:35 | "</span>" | enclosingFunctionBody | x <span> x </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:27:90:35 | "</span>" | enclosingFunctionName | createHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:27:90:35 | "</span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:90:27:90:35 | "</span>" | stringConcatenatedWith | '<span>' + x -endpoint-  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:93:33:95:1 | functio ... (x));\\n} | assignedToPropName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:93:33:95:1 | functio ... (x));\\n} | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:93:33:95:1 | functio ... (x));\\n} | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:93:33:95:1 | functio ... (x));\\n} | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | enclosingFunctionBody | x $ #foo html createHTML x |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:7:94:12 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | enclosingFunctionBody | x $ #foo html createHTML x |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:27:97:35 | 'mermaid' | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:27:97:35 | 'mermaid' | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:27:97:35 | 'mermaid' | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:27:97:35 | 'mermaid' | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:27:97:35 | 'mermaid' | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:27:97:35 | 'mermaid' | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:98:33:114:1 | functio ...   });\\n} | assignedToPropName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:98:33:114:1 | functio ...   });\\n} | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:98:33:114:1 | functio ...   });\\n} | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:98:33:114:1 | functio ...   });\\n} | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | CalleeFlexibleAccessPath | myMermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | calleeImports | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:22:99:25 | "id" | receiverName | myMermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | CalleeFlexibleAccessPath | myMermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | calleeImports | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:28:99:28 | x | receiverName | myMermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | myMermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | InputArgumentIndex | 2 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | calleeImports | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:31:101:5 | functio ... ;\\n    } | receiverName | myMermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:11:100:16 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:7:103:12 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | CalleeFlexibleAccessPath | myMermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | calleeImports | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:37:103:40 | "id" | receiverName | myMermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | CalleeFlexibleAccessPath | myMermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | calleeImports | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:43:103:43 | x | receiverName | myMermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | CalleeFlexibleAccessPath | mermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:20:105:23 | "id" | receiverName | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | CalleeFlexibleAccessPath | mermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:26:105:26 | x | receiverName | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | CalleeFlexibleAccessPath | mermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | InputArgumentIndex | 2 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:29:107:5 | functio ...  \\n    } | receiverName | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:11:106:16 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:7:109:12 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | CalleeFlexibleAccessPath | mermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:35:109:38 | "id" | receiverName | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | CalleeFlexibleAccessPath | mermaid.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:41:109:41 | x | receiverName | mermaid |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | CalleeFlexibleAccessPath | mermaid.mermaidAPI.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:31:111:34 | "id" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | CalleeFlexibleAccessPath | mermaid.mermaidAPI.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:37:111:37 | x | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | CalleeFlexibleAccessPath | mermaid.mermaidAPI.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | InputArgumentIndex | 2 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:40:113:5 | functio ... ;\\n    } | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:11:112:16 | "#foo" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:18:117:35 | markdown.render(s) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:18:117:35 | markdown.render(s) | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:18:117:35 | markdown.render(s) | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:18:117:35 | markdown.render(s) | enclosingFunctionName | xssThroughMarkdown |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:18:117:35 | markdown.render(s) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | CalleeFlexibleAccessPath | markdown.render |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | calleeImports | markdown-it |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | enclosingFunctionName | xssThroughMarkdown |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:34:117:34 | s | receiverName | markdown |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | CalleeFlexibleAccessPath | document.querySelector |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | enclosingFunctionName | xssThroughMarkdown |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:28:118:38 | "#markdown" | receiverName | document |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | enclosingFunctionName | xssThroughMarkdown |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | contextFunctionInterfaces | basicHtmlConstruction(s)\nid(s)\ninsertIntoCreatedDocument(s)\nnotVulnerable() |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:2:18:2:25 | "<span>" | enclosingFunctionBody | s html <span> s </span> document body innerHTML html |
@@ -18367,217 +23695,217 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:18:31:18:34 | html | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | CalleeFlexibleAccessPath | $().appendTo |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | CalleeFlexibleAccessPath | console.log |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | receiverName | console |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | CalleeFlexibleAccessPath | safe.has |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | receiverName | safe |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | fileImports |  |
@@ -18586,7 +23914,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | InputAccessPathFromCallee | 0.menu |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | assignedToPropName | menu |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:103:10:103:22 | '<div></div>' | fileImports |  |
@@ -18594,78 +23922,78 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | InputAccessPathFromCallee | 0.target |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | assignedToPropName | target |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:104:12:104:23 | '.my_plugin' | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | InputArgumentIndex | 2 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | receiverName | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | CalleeFlexibleAccessPath | $.extend |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | fileImports |  |
@@ -18674,207 +24002,246 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | InputAccessPathFromCallee | 1.my_plugin |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | assignedToPropName | my_plugin |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:140:41:140:56 | <div>hello</div> | stringConcatenatedWith |  -endpoint-  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:23:143:27 | <div> | stringConcatenatedWith |  -endpoint- options.target + '</div>' |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:30:143:43 | options.target | stringConcatenatedWith | '<div>' -endpoint- '</div>' |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:143:45:143:50 | </div> | stringConcatenatedWith | '<div>' + options.target -endpoint-  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:23:146:27 | <div> | stringConcatenatedWith |  -endpoint- ? |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:146:32:146:54 | options ... </div>` | stringConcatenatedWith | '<div>' -endpoint-  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | fileImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:24:149:35 | <div class=" | stringConcatenatedWith |  -endpoint- options.target + '"></div>' |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:38:149:51 | options.target | stringConcatenatedWith | '<div class="' -endpoint- '"></div>' |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:149:53:149:60 | "></div> | stringConcatenatedWith | '<div class="' + options.target -endpoint-  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | CalleeFlexibleAccessPath | $().find |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | CalleeFlexibleAccessPath | $().find |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | CalleeFlexibleAccessPath | $().find |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | CalleeFlexibleAccessPath | something.replace |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:23:163:37 | "%PLACEHOLDER%" | receiverName | something |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | CalleeFlexibleAccessPath | something.replace |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | InputArgumentIndex | 1 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:40:163:53 | options.target | receiverName | something |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | CalleeFlexibleAccessPath | $().find |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | InputArgumentIndex | 0 |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:28:187:31 | this | CalleeFlexibleAccessPath | doSomethingElse |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:28:187:31 | this | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:28:187:31 | this | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:28:187:31 | this | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:28:187:31 | this | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:28:187:31 | this | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:34:187:42 | arguments | CalleeFlexibleAccessPath | doSomethingElse |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:34:187:42 | arguments | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:34:187:42 | arguments | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:34:187:42 | arguments | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:34:187:42 | arguments | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:34:187:42 | arguments | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | CalleeFlexibleAccessPath | $.extend |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | receiverName | $ |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | CalleeFlexibleAccessPath | $.extend |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | receiverName | $ |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | CalleeFlexibleAccessPath | console.log |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | receiverName | console |
 | autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/forms.js:9:19:9:23 | "#id" | contextFunctionInterfaces | App()\nFormikBasic()\nHookForm()\nHookForm2()\nhandleSubmit(values, ?)\nmapPropsToValues()\nonSubmit(data)\nonsubmit(e)\nplainReact()\nplainSubmit(e)\nvalidate(values)\nvanillaJS() |
@@ -19137,823 +24504,5243 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/forms.js:107:23:107:36 | e.target.value | fileImports | formik react react-final-form react-hook-form |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:4:2:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:18:2:27 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:4:4:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:18:4:32 | ".some-element" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:4:6:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:18:6:32 | ".some-element" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | CalleeFlexibleAccessPath | $().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:40:6:44 | "foo" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | CalleeFlexibleAccessPath | $().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | InputArgumentIndex | 1 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:47:6:51 | "bar" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:4:7:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:18:7:32 | ".some-element" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | CalleeFlexibleAccessPath | $().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | CalleeFlexibleAccessPath | $().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | InputAccessPathFromCallee | 0.foo |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | assignedToPropName | foo |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:48:7:52 | "bar" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:4:8:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:18:8:32 | ".some-element" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | CalleeFlexibleAccessPath | $().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:40:8:52 | "data-target" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:10:4:10:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:27:11:31 | "foo" | receiverName | document |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:14:4:14:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:27:15:31 | "foo" | receiverName | document |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:18:4:18:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | CalleeFlexibleAccessPath | document.getElementById |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:27:19:31 | "foo" | receiverName | document |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:22:4:22:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | CalleeFlexibleAccessPath | document.querySelectorAll |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:29:23:38 | "textarea" | receiverName | document |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:26:4:26:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | CalleeFlexibleAccessPath | document.getElementById |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:27:27:32 | 'div1' | receiverName | document |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | CalleeFlexibleAccessPath | document.getElementById().getAttribute |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:48:27:60 | 'data-target' | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:36:10:36:19 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:43:10:43:19 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:46:4:46:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:9 | "<p>" | stringConcatenatedWith |  -endpoint- something() + '</p>' |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:13:47:23 | something() | stringConcatenatedWith | '<p>' -endpoint- '</p>' |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:27:47:32 | "</p>" | stringConcatenatedWith | '<p>' + something() -endpoint-  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:4:51:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:15:51:15 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:32:51:41 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:53:15:53:19 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | CalleeFlexibleAccessPath | base.? |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | receiverName | base |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:33:54:42 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:4:56:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:15:56:15 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:32:56:38 | "input" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:45:56:45 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:4:57:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:15:57:15 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:32:57:38 | "input" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:45:57:45 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | CalleeFlexibleAccessPath | $().get().getAttribute |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:61:57:66 | "name" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:4:59:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:15:59:15 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:32:59:38 | "input" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | CalleeFlexibleAccessPath | $().getAttribute |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:54:59:57 | "id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:4:61:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:15:61:15 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | CalleeFlexibleAccessPath | $().find |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:47:61:54 | "option" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | CalleeFlexibleAccessPath | $().find().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:62:61:68 | "value" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:63:20:63:29 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:4:64:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:15:64:15 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | CalleeFlexibleAccessPath | $().find |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:33:66:40 | "option" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | CalleeFlexibleAccessPath | $().find().attr |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:48:66:54 | "value" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:5:68:9 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:16:68:16 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | assignedToPropName | innerHTML |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | CalleeFlexibleAccessPath | $.jGrowl |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | receiverName | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:13:71:19 | "input" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:26:71:26 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:22:73:28 | "input" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | CalleeFlexibleAccessPath | $().get |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:73:35:73:35 | 0 | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:75:22:75:31 | "textarea" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:4:81:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:19:81:24 | '#foo' | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | CalleeFlexibleAccessPath | $().prop |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:32:81:42 | 'innerText' | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | CalleeFlexibleAccessPath | require |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:83:24:83:30 | "anser" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:84:17:84:22 | "text" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:4:86:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | CalleeFlexibleAccessPath | anser.ansiToHtml |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | calleeImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:33:86:36 | text | receiverName | anser |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:4:87:8 | "#id" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | CalleeFlexibleAccessPath | anser().process |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | calleeImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:36:87:39 | text | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:4:89:15 | "section h1" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | CalleeFlexibleAccessPath | $().each |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:5:90:12 | "nav ul" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:33 | "<a href='#" | stringConcatenatedWith |  -endpoint- $().text().toLowerCase().replace().replace() + ''>Section</a>' |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | CalleeFlexibleAccessPath | $().append |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') | stringConcatenatedWith | '<a href='#' -endpoint- ''>Section</a>' |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | CalleeFlexibleAccessPath | $().text().toLowerCase().replace |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:74:90:77 | / /g | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | CalleeFlexibleAccessPath | $().text().toLowerCase().replace |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | InputArgumentIndex | 1 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:80:90:82 | '-' | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | CalleeFlexibleAccessPath | $().text().toLowerCase().replace().replace |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | InputArgumentIndex | 0 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:93:90:102 | /[^\\w-]+/g | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | CalleeFlexibleAccessPath | $().text().toLowerCase().replace().replace |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | InputArgumentIndex | 1 |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | fileImports | anser |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:104:90:105 | '' | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:110:90:124 | "'>Section</a>" | stringConcatenatedWith | '<a href='#' + $().text().toLowerCase().replace().replace() -endpoint-  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:4:93:8 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:4:93:8 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:4:93:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:4:93:8 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:4:93:8 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:4:93:8 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:18:93:23 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:18:93:23 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:18:93:23 | "#foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:18:93:23 | "#foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:18:93:23 | "#foo" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:18:93:23 | "#foo" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:31:93:36 | ".bla" | CalleeFlexibleAccessPath | $().find |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:31:93:36 | ".bla" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:31:93:36 | ".bla" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:31:93:36 | ".bla" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:31:93:36 | ".bla" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:31:93:36 | ".bla" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:5:96:9 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:5:96:9 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:5:96:9 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:5:96:9 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:5:96:9 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:5:96:9 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:19:96:24 | "#foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:19:96:24 | "#foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:19:96:24 | "#foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:19:96:24 | "#foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:19:96:24 | "#foo" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:19:96:24 | "#foo" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:32:96:37 | ".bla" | CalleeFlexibleAccessPath | $().find |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:32:96:37 | ".bla" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:32:96:37 | ".bla" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:32:96:37 | ".bla" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:32:96:37 | ".bla" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:32:96:37 | ".bla" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | enclosingFunctionBody | el $ #id get 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:15:102:19 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | CalleeFlexibleAccessPath | $().get |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | enclosingFunctionBody | el $ #id get 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:26:102:26 | 0 | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:5:109:9 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | CalleeFlexibleAccessPath | $().get |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:16:109:16 | 0 | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:41 | "<a src=\\"" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:41 | "<a src=\\"" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:41 | "<a src=\\"" | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:41 | "<a src=\\"" | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:41 | "<a src=\\"" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:41 | "<a src=\\"" | stringConcatenatedWith |  -endpoint- this.el.src + '">foo</a>' |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | assignedToPropName | innerHTML |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src | stringConcatenatedWith | '<a src="' -endpoint- '">foo</a>' |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:59:109:70 | "\\">foo</a>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:59:109:70 | "\\">foo</a>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:59:109:70 | "\\">foo</a>" | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:59:109:70 | "\\">foo</a>" | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:59:109:70 | "\\">foo</a>" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:59:109:70 | "\\">foo</a>" | stringConcatenatedWith | '<a src="' + this.el.src -endpoint-  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | CalleeFlexibleAccessPath | document.getElementById |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:41:114:47 | "#link" | receiverName | document |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:4:115:8 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:7:117:11 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:19:117:23 | "src" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | InputArgumentIndex | 1 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:7:119:17 | "input.foo" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:11:120:15 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:11:122:18 | "img#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:26:122:30 | "src" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | InputArgumentIndex | 1 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | CalleeFlexibleAccessPath | URL.createObjectURL |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] | receiverName | URL |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | CalleeFlexibleAccessPath | document.createElement |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | enclosingFunctionBody | elem document createElement a wSelection getSelection dSelection document getSelection linkText wSelection toString dSelection toString  elem innerHTML linkText $ #id html linkText elem innerText linkText |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:36:127:38 | 'a' | receiverName | document |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | assignedToPropName | innerHTML |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | enclosingFunctionBody | elem document createElement a wSelection getSelection dSelection document getSelection linkText wSelection toString dSelection toString  elem innerHTML linkText $ #id html linkText elem innerText linkText |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | enclosingFunctionBody | elem document createElement a wSelection getSelection dSelection document getSelection linkText wSelection toString dSelection toString  elem innerHTML linkText $ #id html linkText elem innerText linkText |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:4:132:8 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | enclosingFunctionBody | elem document createElement a wSelection getSelection dSelection document getSelection linkText wSelection toString dSelection toString  elem innerHTML linkText $ #id html linkText elem innerText linkText |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:25:136:34 | "cash-dom" | CalleeFlexibleAccessPath | require |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:25:136:34 | "cash-dom" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:25:136:34 | "cash-dom" | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:25:136:34 | "cash-dom" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:25:136:34 | "cash-dom" | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:25:136:34 | "cash-dom" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | CalleeFlexibleAccessPath | document.getElementById |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:41:139:47 | "#link" | receiverName | document |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | CalleeFlexibleAccessPath | cash |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:7:140:11 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | CalleeFlexibleAccessPath | cash().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | CalleeFlexibleAccessPath | cashDom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | calleeImports | cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:13:141:17 | "#id" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | CalleeFlexibleAccessPath | cashDom().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | calleeImports | cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | fileImports | anser cash-dom |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:25:11:25:17 | filters | CalleeFlexibleAccessPath | doFilters |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:25:11:25:17 | filters | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:25:11:25:17 | filters | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:25:11:25:17 | filters | contextSurroundingFunctionParameters |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:25:11:25:17 | filters | fileImports |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:12:28:16 | strip | CalleeFlexibleAccessPath | RegExp |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:12:28:16 | strip | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:12:28:16 | strip | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:12:28:16 | strip | contextSurroundingFunctionParameters |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:12:28:16 | strip | fileImports |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:19:28:22 | 'gi' | CalleeFlexibleAccessPath | RegExp |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:19:28:22 | 'gi' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:19:28:22 | 'gi' | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:19:28:22 | 'gi' | contextSurroundingFunctionParameters |  |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:28:19:28:22 | 'gi' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | enclosingFunctionBody | s s replace /"/g &quot; replace /'/g &apos; replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:20:2:23 | /"/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | enclosingFunctionBody | s s replace /"/g &quot; replace /'/g &apos; replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:26:2:33 | "&quot;" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | enclosingFunctionBody | s s replace /"/g &quot; replace /'/g &apos; replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:20:3:23 | /'/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | enclosingFunctionBody | s s replace /"/g &quot; replace /'/g &apos; replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:3:26:3:33 | "&apos;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | enclosingFunctionBody | s s replace /"/g &quot; replace /'/g &apos; replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:20:4:23 | /&/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | enclosingFunctionBody | s s replace /"/g &quot; replace /'/g &apos; replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:4:26:4:32 | "&amp;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | enclosingFunctionBody | s s replace /&/g &amp; replace /"/g &quot; replace /'/g &apos; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | enclosingFunctionName | goodEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:20:8:23 | /&/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | enclosingFunctionBody | s s replace /&/g &amp; replace /"/g &quot; replace /'/g &apos; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | enclosingFunctionName | goodEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:26:8:32 | "&amp;" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | enclosingFunctionBody | s s replace /&/g &amp; replace /"/g &quot; replace /'/g &apos; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | enclosingFunctionName | goodEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:20:9:23 | /"/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | enclosingFunctionBody | s s replace /&/g &amp; replace /"/g &quot; replace /'/g &apos; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | enclosingFunctionName | goodEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:9:26:9:33 | "&quot;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | enclosingFunctionBody | s s replace /&/g &amp; replace /"/g &quot; replace /'/g &apos; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | enclosingFunctionName | goodEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:20:10:23 | /'/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | enclosingFunctionBody | s s replace /&/g &amp; replace /"/g &quot; replace /'/g &apos; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | enclosingFunctionName | goodEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:10:26:10:33 | "&apos;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | enclosingFunctionBody | s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | enclosingFunctionName | goodDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:20:14:28 | /&quot;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | enclosingFunctionBody | s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | enclosingFunctionName | goodDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:31:14:34 | "\\"" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | enclosingFunctionBody | s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | enclosingFunctionName | goodDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:20:15:28 | /&apos;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | enclosingFunctionBody | s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | enclosingFunctionName | goodDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:15:31:15:33 | "'" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | enclosingFunctionBody | s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | enclosingFunctionName | goodDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:20:16:27 | /&amp;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | enclosingFunctionBody | s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | enclosingFunctionName | goodDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:16:30:16:32 | "&" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | enclosingFunctionBody | s s replace /&amp;/g & replace /&quot;/g " replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | enclosingFunctionName | badDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:20:20:27 | /&amp;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | enclosingFunctionBody | s s replace /&amp;/g & replace /&quot;/g " replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | enclosingFunctionName | badDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:30:20:32 | "&" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | enclosingFunctionBody | s s replace /&amp;/g & replace /&quot;/g " replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | enclosingFunctionName | badDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:20:21:28 | /&quot;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | enclosingFunctionBody | s s replace /&amp;/g & replace /&quot;/g " replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | enclosingFunctionName | badDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:21:31:21:34 | "\\"" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | enclosingFunctionBody | s s replace /&amp;/g & replace /&quot;/g " replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | enclosingFunctionName | badDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:20:22:28 | /&apos;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | enclosingFunctionBody | s s replace /&amp;/g & replace /&quot;/g " replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | enclosingFunctionName | badDecode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:22:31:22:33 | "'" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | CalleeFlexibleAccessPath | code.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | contextSurroundingFunctionParameters | (code) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | enclosingFunctionBody | code code replace /</g &lt; replace />/g &gt; replace /&(?![\\w\\#]+;)/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | enclosingFunctionName | cleverEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:25:26:28 | /</g | receiverName | code |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | CalleeFlexibleAccessPath | code.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | contextSurroundingFunctionParameters | (code) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | enclosingFunctionBody | code code replace /</g &lt; replace />/g &gt; replace /&(?![\\w\\#]+;)/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | enclosingFunctionName | cleverEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:31:26:36 | '&lt;' | receiverName | code |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | CalleeFlexibleAccessPath | code.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | contextSurroundingFunctionParameters | (code) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | enclosingFunctionBody | code code replace /</g &lt; replace />/g &gt; replace /&(?![\\w\\#]+;)/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | enclosingFunctionName | cleverEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:47:26:50 | />/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | CalleeFlexibleAccessPath | code.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | contextSurroundingFunctionParameters | (code) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | enclosingFunctionBody | code code replace /</g &lt; replace />/g &gt; replace /&(?![\\w\\#]+;)/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | enclosingFunctionName | cleverEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:53:26:58 | '&gt;' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | CalleeFlexibleAccessPath | code.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | contextSurroundingFunctionParameters | (code) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | enclosingFunctionBody | code code replace /</g &lt; replace />/g &gt; replace /&(?![\\w\\#]+;)/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | enclosingFunctionName | cleverEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:69:26:84 | /&(?![\\w\\#]+;)/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | CalleeFlexibleAccessPath | code.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | contextSurroundingFunctionParameters | (code) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | enclosingFunctionBody | code code replace /</g &lt; replace />/g &gt; replace /&(?![\\w\\#]+;)/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | enclosingFunctionName | cleverEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:87:26:93 | '&amp;' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | enclosingFunctionBody | s s replace /&amp;/g & replace /s?ome\|thin*g/g else replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | enclosingFunctionName | badDecode2 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:20:30:27 | /&amp;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | enclosingFunctionBody | s s replace /&amp;/g & replace /s?ome\|thin*g/g else replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | enclosingFunctionName | badDecode2 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:30:30:32 | "&" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | enclosingFunctionBody | s s replace /&amp;/g & replace /s?ome\|thin*g/g else replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | enclosingFunctionName | badDecode2 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:20:31:34 | /s?ome\|thin*g/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | enclosingFunctionBody | s s replace /&amp;/g & replace /s?ome\|thin*g/g else replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | enclosingFunctionName | badDecode2 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:31:37:31:42 | "else" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | enclosingFunctionBody | s s replace /&amp;/g & replace /s?ome\|thin*g/g else replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | enclosingFunctionName | badDecode2 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:20:32:28 | /&apos;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | enclosingFunctionBody | s s replace /&amp;/g & replace /s?ome\|thin*g/g else replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | enclosingFunctionName | badDecode2 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:32:31:32:33 | "'" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:19:38:27 | /&quot;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:30:38:33 | "\\"" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:19:39:27 | /&apos;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:39:30:39:32 | "'" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:19:40:26 | /&amp;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:40:29:40:31 | "&" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | CalleeFlexibleAccessPath | res.push |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | contextSurroundingFunctionParameters | (ss) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | enclosingFunctionBody | ss res s ss s s replace /&quot;/g " replace /&apos;/g ' replace /&amp;/g & res push s res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | enclosingFunctionName | goodDecodeInLoop |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:14:41:14 | s | receiverName | res |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | enclosingFunctionBody | s s s replace /&amp;/g & s s replace /&quot;/g " s replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | enclosingFunctionName | badDecode3 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:17:47:24 | /&amp;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | enclosingFunctionBody | s s s replace /&amp;/g & s s replace /&quot;/g " s replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | enclosingFunctionName | badDecode3 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:27:47:29 | "&" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | enclosingFunctionBody | s s s replace /&amp;/g & s s replace /&quot;/g " s replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | enclosingFunctionName | badDecode3 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:17:48:25 | /&quot;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | enclosingFunctionBody | s s s replace /&amp;/g & s s replace /&quot;/g " s replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | enclosingFunctionName | badDecode3 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:28:48:31 | "\\"" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | enclosingFunctionBody | s s s replace /&amp;/g & s s replace /&quot;/g " s replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | enclosingFunctionName | badDecode3 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:20:49:28 | /&apos;/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | enclosingFunctionBody | s s s replace /&amp;/g & s s replace /&quot;/g " s replace /&apos;/g ' |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | enclosingFunctionName | badDecode3 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:31:49:33 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\'/g ' replace /\\\\"/g " |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | enclosingFunctionName | badUnescape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:20:53:26 | /\\\\\\\\/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\'/g ' replace /\\\\"/g " |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | enclosingFunctionName | badUnescape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:29:53:32 | '\\\\' | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\'/g ' replace /\\\\"/g " |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | enclosingFunctionName | badUnescape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:21:54:26 | /\\\\'/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\'/g ' replace /\\\\"/g " |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | enclosingFunctionName | badUnescape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:54:29:54:32 | '\\'' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\'/g ' replace /\\\\"/g " |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | enclosingFunctionName | badUnescape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:21:55:26 | /\\\\"/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\'/g ' replace /\\\\"/g " |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | enclosingFunctionName | badUnescape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:55:29:55:32 | '\\"' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | enclosingFunctionBody | s s s replace /&/g %26 s s replace /%/g %25 s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | enclosingFunctionName | badPercentEscape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:17:59:20 | /&/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | enclosingFunctionBody | s s s replace /&/g %26 s s replace /%/g %25 s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | enclosingFunctionName | badPercentEscape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:23:59:27 | '%26' | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | enclosingFunctionBody | s s s replace /&/g %26 s s replace /%/g %25 s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | enclosingFunctionName | badPercentEscape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:17:60:20 | /%/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | enclosingFunctionBody | s s s replace /&/g %26 s s replace /%/g %25 s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | enclosingFunctionName | badPercentEscape |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:23:60:27 | '%25' | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | enclosingFunctionBody | s indirect1 /"/g indirect2 /'/g indirect3 /&/g s replace indirect1 &quot; replace indirect2 &apos; replace indirect3 &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:20:68:28 | indirect1 | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | enclosingFunctionBody | s indirect1 /"/g indirect2 /'/g indirect3 /&/g s replace indirect1 &quot; replace indirect2 &apos; replace indirect3 &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:31:68:38 | "&quot;" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | enclosingFunctionBody | s indirect1 /"/g indirect2 /'/g indirect3 /&/g s replace indirect1 &quot; replace indirect2 &apos; replace indirect3 &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:20:69:28 | indirect2 | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | enclosingFunctionBody | s indirect1 /"/g indirect2 /'/g indirect3 /&/g s replace indirect1 &quot; replace indirect2 &apos; replace indirect3 &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:69:31:69:38 | "&apos;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | enclosingFunctionBody | s indirect1 /"/g indirect2 /'/g indirect3 /&/g s replace indirect1 &quot; replace indirect2 &apos; replace indirect3 &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:20:70:28 | indirect3 | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | CalleeFlexibleAccessPath | s.replace().replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | enclosingFunctionBody | s indirect1 /"/g indirect2 /'/g indirect3 /&/g s replace indirect1 &quot; replace indirect2 &apos; replace indirect3 &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | enclosingFunctionName | badEncode |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:70:31:70:37 | "&amp;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | enclosingFunctionBody | s repl " &quot; ' &apos; & &amp; s replace /["']/g c repl c replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | enclosingFunctionName | badEncodeWithReplacer |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:20:79:26 | /["']/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | contextSurroundingFunctionParameters | (s)\n(c) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | enclosingFunctionBody | s repl " &quot; ' &apos; & &amp; s replace /["']/g c repl c replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | enclosingFunctionName | badEncodeWithReplacer |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:29:79:42 | (c) => repl[c] | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | enclosingFunctionBody | s repl " &quot; ' &apos; & &amp; s replace /["']/g c repl c replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | enclosingFunctionName | badEncodeWithReplacer |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:53:79:56 | /&/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | enclosingFunctionBody | s repl " &quot; ' &apos; & &amp; s replace /["']/g c repl c replace /&/g &amp; |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | enclosingFunctionName | badEncodeWithReplacer |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:59:79:65 | "&amp;" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\/g \\\\ |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | enclosingFunctionName | badRoundtrip |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:20:84:26 | /\\\\\\\\/g | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\/g \\\\ |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | enclosingFunctionName | badRoundtrip |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:29:84:32 | "\\\\" | receiverName | s |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\/g \\\\ |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | enclosingFunctionName | badRoundtrip |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:43:84:47 | /\\\\/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | enclosingFunctionBody | s s replace /\\\\\\\\/g \\ replace /\\\\/g \\\\ |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | enclosingFunctionName | badRoundtrip |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:50:84:55 | "\\\\\\\\" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | CalleeFlexibleAccessPath | captured.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | contextSurroundingFunctionParameters | (x)\n() |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | enclosingFunctionBody | x captured x captured captured replace /\\\\/g \\\\ |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | enclosingFunctionName | testWithCapturedVar |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:33:90:37 | /\\\\/g | receiverName | captured |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | CalleeFlexibleAccessPath | captured.replace |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | contextFunctionInterfaces | badDecode(s)\nbadDecode2(s)\nbadDecode3(s)\nbadEncode(s)\nbadEncode(s)\nbadEncodeWithReplacer(s)\nbadPercentEscape(s)\nbadRoundtrip(s)\nbadUnescape(s)\ncleverEncode(code)\nencodeDecodeEncode(s)\ngoodDecode(s)\ngoodDecodeInLoop(ss)\ngoodEncode(s)\ntestWithCapturedVar(x) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | contextSurroundingFunctionParameters | (x)\n() |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | enclosingFunctionBody | x captured x captured captured replace /\\\\/g \\\\ |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | enclosingFunctionName | testWithCapturedVar |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | fileImports |  |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:40:90:45 | "\\\\\\\\" | receiverName | captured |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:7:3:7:95 | /<(?!ar ... )\\/>/gi | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:8:3:8:10 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:15:10:57 | /<(([a- ... )\\/>/gi | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:60:10:67 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:14:3:14:75 | /<(?!ar ... )\\/>/gi | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:15:3:15:10 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:15:17:37 | /<(([\\w ... )\\/>/gi | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:40:17:47 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:21:3:21:76 | /<(?!ar ... )\\/>/gi | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:22:3:22:10 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:15:24:38 | /<(([\\w ... )\\/>/gi | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:41:24:48 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:15:26:28 | defaultPattern | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:31:26:38 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:15:30:26 | getPattern() | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:29:30:36 | expanded | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:15:35:28 | defaultPattern | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:31:35:43 | getExpanded() | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:15:36:28 | defaultPattern | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | CalleeFlexibleAccessPath | html.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:31:36:39 | something | receiverName | html |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | CalleeFlexibleAccessPath | defaultPattern.match |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:23:37:31 | something | receiverName | defaultPattern |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | CalleeFlexibleAccessPath | getPattern().match |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | contextFunctionInterfaces | getExpanded()\ngetPattern() |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | enclosingFunctionBody | defaultPattern /<(([\\w:]+)[^>]*)\\/>/gi expanded <$1></$2> html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(([a-z][^\\/\\0>\\x20\\t\\r\\n\\f]*)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:]+)[^>]*)\\/>/gi expanded html replace /<(?!area\|br\|col\|embed\|hr\|img\|input\|link\|meta\|param)(([\\w:-]+)[^>]*)\\/>/gi expanded html replace /<(([\\w:-]+)[^>]*)\\/>/gi expanded html replace defaultPattern expanded getPattern defaultPattern html replace getPattern expanded getExpanded expanded html replace defaultPattern getExpanded html replace defaultPattern something defaultPattern match something getPattern match something |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:21:38:29 | something | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | enclosingFunctionBody | content content content replace /<.*cript.*\\/scrip.*>/gi  content content replace / on\\w+=".*"/g  content content replace / on\\w+=\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:29:3:52 | /<.*cri ... p.*>/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | enclosingFunctionBody | content content content replace /<.*cript.*\\/scrip.*>/gi  content content replace / on\\w+=".*"/g  content content replace / on\\w+=\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:55:3:56 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | enclosingFunctionBody | content content content replace /<.*cript.*\\/scrip.*>/gi  content content replace / on\\w+=".*"/g  content content replace / on\\w+=\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:29:4:42 | / on\\w+=".*"/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | enclosingFunctionBody | content content content replace /<.*cript.*\\/scrip.*>/gi  content content replace / on\\w+=".*"/g  content content replace / on\\w+=\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:45:4:46 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | enclosingFunctionBody | content content content replace /<.*cript.*\\/scrip.*>/gi  content content replace / on\\w+=".*"/g  content content replace / on\\w+=\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:29:5:44 | / on\\w+=\\'.*\\'/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | enclosingFunctionBody | content content content replace /<.*cript.*\\/scrip.*>/gi  content content replace / on\\w+=".*"/g  content content replace / on\\w+=\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:47:5:48 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | enclosingFunctionBody | content content content replace /<.*cript.*/gi  content content replace /.on\\w+=.*".*"/g  content content replace /.on\\w+=.*\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:29:9:42 | /<.*cript.*/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | enclosingFunctionBody | content content content replace /<.*cript.*/gi  content content replace /.on\\w+=.*".*"/g  content content replace /.on\\w+=.*\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:45:9:46 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | enclosingFunctionBody | content content content replace /<.*cript.*/gi  content content replace /.on\\w+=.*".*"/g  content content replace /.on\\w+=.*\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:29:10:44 | /.on\\w+=.*".*"/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | enclosingFunctionBody | content content content replace /<.*cript.*/gi  content content replace /.on\\w+=.*".*"/g  content content replace /.on\\w+=.*\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:47:10:48 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | enclosingFunctionBody | content content content replace /<.*cript.*/gi  content content replace /.on\\w+=.*".*"/g  content content replace /.on\\w+=.*\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:29:11:46 | /.on\\w+=.*\\'.*\\'/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | enclosingFunctionBody | content content content replace /<.*cript.*/gi  content content replace /.on\\w+=.*".*"/g  content content replace /.on\\w+=.*\\'.*\\'/g  content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:49:11:50 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | CalleeFlexibleAccessPath | responseText.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | contextSurroundingFunctionParameters | (responseText) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | enclosingFunctionBody | responseText rscript /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/gi responseText replace rscript  responseText |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:24:19:30 | rscript | receiverName | responseText |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | CalleeFlexibleAccessPath | responseText.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | contextSurroundingFunctionParameters | (responseText) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | enclosingFunctionBody | responseText rscript /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/gi responseText replace rscript  responseText |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:33:19:34 | "" | receiverName | responseText |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | CalleeFlexibleAccessPath | text.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | contextSurroundingFunctionParameters | (text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | enclosingFunctionBody | text text text replace /<!--\|--!?>/g  text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:23:25:35 | /<!--\|--!?>/g | receiverName | text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | CalleeFlexibleAccessPath | text.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | contextSurroundingFunctionParameters | (text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | enclosingFunctionBody | text text text replace /<!--\|--!?>/g  text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:38:25:39 | "" | receiverName | text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | CalleeFlexibleAccessPath | ?.test |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | contextSurroundingFunctionParameters | (text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | enclosingFunctionBody | text /<!--\|--!?>/g test text text text replace /<!--\|--!?>/g  text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | CalleeFlexibleAccessPath | text.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | contextSurroundingFunctionParameters | (text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | enclosingFunctionBody | text /<!--\|--!?>/g test text text text replace /<!--\|--!?>/g  text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:25:30:37 | /<!--\|--!?>/g | receiverName | text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | CalleeFlexibleAccessPath | text.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | contextSurroundingFunctionParameters | (text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | enclosingFunctionBody | text /<!--\|--!?>/g test text text text replace /<!--\|--!?>/g  text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:40:30:41 | "" | receiverName | text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | CalleeFlexibleAccessPath | id.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | contextSurroundingFunctionParameters | (id) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | enclosingFunctionBody | id id id replace /\\.\\./g  id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:19:38:25 | /\\.\\./g | receiverName | id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | CalleeFlexibleAccessPath | id.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | contextSurroundingFunctionParameters | (id) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | enclosingFunctionBody | id id id replace /\\.\\./g  id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:28:38:29 | "" | receiverName | id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | CalleeFlexibleAccessPath | id.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | contextSurroundingFunctionParameters | (id) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionBody | id id id replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:19:42:40 | /[\\]\\[* ... \\?\\/]/g | receiverName | id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | CalleeFlexibleAccessPath | id.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | contextSurroundingFunctionParameters | (id) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | enclosingFunctionBody | id id id replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:43:42:44 | "" | receiverName | id |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | CalleeFlexibleAccessPath | req.url.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | contextSurroundingFunctionParameters | (req) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | enclosingFunctionBody | req REG_TRAVEL /(\\/)?\\.\\.\\//g req url req url replace REG_TRAVEL  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:29:49:38 | REG_TRAVEL | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | CalleeFlexibleAccessPath | req.url.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | contextSurroundingFunctionParameters | (req) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | enclosingFunctionBody | req REG_TRAVEL /(\\/)?\\.\\.\\//g req url req url replace REG_TRAVEL  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:41:49:42 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | CalleeFlexibleAccessPath | req.url.substring |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | contextSurroundingFunctionParameters | (req) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | enclosingFunctionBody | req beg i 0 i req url length i req url i . req url i 1 / beg i 1 req url i ? beg req url req url substring beg |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:17:64:68 | /<scrip ... ript>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:71:64:72 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:17:66:51 | /(\\/\|\\s ... '\|")?/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:54:66:55 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:17:68:29 | /<\\/script>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:32:68:33 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:17:70:31 | /<(.)?br(.)?>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:34:70:35 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:17:71:25 | /<\\/?b>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:28:71:29 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:17:72:40 | /<(ul\|o ... ol)>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:43:72:44 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:17:73:30 | /<li><\\/li>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:33:73:34 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:17:75:32 | /<!--(.*?)-->/gm | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:35:75:36 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:17:76:30 | /\\sng-[a-z-]+/ | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:33:76:34 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:17:77:31 | /\\sng-[a-z-]+/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:34:77:35 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:17:79:42 | /(<!--\\ ... ]-->)/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:45:79:48 | "\\n" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:17:81:53 | /<scrip ... ript>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:56:81:57 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:17:82:45 | /<scrip ... ript>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:48:82:49 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:17:83:58 | /<!--[\\ ... ?\\?>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:61:83:62 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:17:85:43 | /\\x2E\\x ... E\\x2F/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:46:85:47 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:17:87:42 | /<scrip ... ipt>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:45:87:46 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:17:89:30 | /^(\\.\\.\\/?)+/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:33:89:34 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:17:92:68 | /<scrip ... ript>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | contextSurroundingFunctionParameters | (x)\n($0) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:71:96:3 | functio ... "";\\n  } | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:17:98:48 | /<\\/?([ ... >]*>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:51:98:52 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:17:100:23 | /\\.\\./g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:26:100:27 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:17:101:25 | /\\.\\.\\//g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:28:101:29 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:17:102:25 | /\\/\\.\\./g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:28:102:29 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:17:104:53 | /<scrip ... ipt>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:56:104:57 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:17:106:59 | /<(scri ... \\s*>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:62:106:63 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:17:107:57 | /\\<scri ... ipt\\>/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:60:107:61 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:17:108:70 | /<(scri ... le)>/gm | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:73:108:74 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:17:109:53 | /<scrip ... ipt>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:56:109:57 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:17:110:45 | /<scrip ... ipt>/gi | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:48:110:49 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:17:111:27 | / ?<!-- ?/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:30:111:31 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:17:112:45 | /requir ... n'\\);/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:48:112:49 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:17:113:36 | /\\.\\.\\/\\.\\.\\/lib\\//g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:39:113:40 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | CalleeFlexibleAccessPath | x.indexOf |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:20:115:22 | "." | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:16:117:22 | /^\\.\\// | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:117:25:117:26 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:16:118:23 | /\\/\\.\\// | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:118:26:118:28 | "/" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | CalleeFlexibleAccessPath | x.replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:16:119:31 | /[^\\/]*\\/\\.\\.\\// | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | CalleeFlexibleAccessPath | x.replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:119:34:119:35 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:17:122:30 | /([^.\\s]+\\.)+/ | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:33:122:34 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:17:124:48 | /<!\\-\\- ... \\-\\->/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:51:124:52 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:14:127:20 | /^\\.\\// | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:127:23:127:24 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:14:128:21 | /\\/\\.\\// | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:128:24:128:26 | "/" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | CalleeFlexibleAccessPath | x.replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:14:129:29 | /[^\\/]*\\/\\.\\.\\// | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | CalleeFlexibleAccessPath | x.replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | contextSurroundingFunctionParameters | (x) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | enclosingFunctionBody | x x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g  x x replace /(\\/\|\\s)on\\w+=(\\'\|")?[^"]*(\\'\|")?/g  x x replace /<\\/script>/g  x x replace /<(.)?br(.)?>/g  x x replace /<\\/?b>/g  x x replace /<(ul\|ol)><\\/(ul\|ol)>/gi  x x replace /<li><\\/li>/gi  x x replace /<!--(.*?)-->/gm  x x replace /\\sng-[a-z-]+/  x x replace /\\sng-[a-z-]+/g  x x replace /(<!--\\[CDATA\\[\|\\]\\]-->)/g \n x x replace /<script.+desktop\\-only.+<\\/script>/g  x x replace /<script async.+?<\\/script>/g  x x replace /<!--[\\s\\S]*?-->\|<\\?(?:php)?[\\s\\S]*?\\?>/gi  x x replace /\\x2E\\x2E\\x2F\\x2E\\x2E\\x2F/g  x x replace /<script.*>.*<\\/script>/gi  x x replace /^(\\.\\.\\/?)+/g  x x replace /<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/g $0 unknown $0  x x replace /<\\/?([a-z][a-z0-9]*)\\b[^>]*>/gi  x x replace /\\.\\./g  x x replace /\\.\\.\\//g  x x replace /\\/\\.\\./g  x x replace /<script(.*?)>([\\s\\S]*?)<\\/script>/gi  x x replace /<(script\|del)(?=[\\s>])[\\w\\W]*?<\\/\\1\\s*>/gi  x x replace /\\<script[\\s\\S]*?\\>[\\s\\S]*?\\<\\/script\\>/g  x x replace /<(script\|style\|title)[^<]+<\\/(script\|style\|title)>/gm  x x replace /<script[^>]*>([\\s\\S]*?)<\\/script>/gi  x x replace /<script[\\s\\S]*?<\\/script>/gi  x x replace / ?<!-- ?/g  x x replace /require\\('\\.\\.\\/common'\\);/g  x x replace /\\.\\.\\/\\.\\.\\/lib\\//g  x indexOf . 1 x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x x replace /([^.\\s]+\\.)+/  x x replace /<!\\-\\-DEVEL[\\d\\D]*?DEVEL\\-\\->/g  x x replace /^\\.\\//  replace /\\/\\.\\// / replace /[^\\/]*\\/\\.\\.\\//  x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:129:32:129:33 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:18:135:39 | /<scrip ... ipt>/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:42:135:43 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:18:136:41 | /<(scri ... ipt>/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:44:136:45 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:18:137:43 | /.+<(sc ... ipt>/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:46:137:47 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:18:138:43 | /.*<(sc ... ipt>/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | enclosingFunctionBody | content content replace /<script.*\\/script>/gi  content replace /<(script).*\\/script>/gi  content replace /.+<(script).*\\/script>/gi  content replace /.*<(script).*\\/script>/gi  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:46:138:47 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:29:142:57 | /<scrip ... ipt>/gi | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:60:142:61 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:29:143:51 | /<[a-zA ... n)*?>/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:54:143:55 | '' | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:29:144:86 | /<(scri ... deo)>/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:89:144:90 | '' | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:29:145:85 | /<(scri ... deo)>/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:88:145:89 | '' | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:29:146:38 | /<[^<]*>/g | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | CalleeFlexibleAccessPath | content.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:41:146:42 | "" | receiverName | content |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | CalleeFlexibleAccessPath | n.cloneNode |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:15:148:19 | false | receiverName | n |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:40:148:94 | /<\\/?[\\ ... ]+\|>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:97:148:98 | '' | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:109:148:120 | /[\\w:\\-]+/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:123:150:3 | functio ... });\\n  } | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | receiverName | o |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | InputAccessPathFromCallee | 0.specified |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | assignedToPropName | specified |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:25:149:25 | 1 | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | InputAccessPathFromCallee | 0.nodeName |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | assignedToPropName | nodeName |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:39:149:39 | a | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | CalleeFlexibleAccessPath | n.cloneNode |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:15:152:19 | false | receiverName | n |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:40:152:94 | /<\\/?[\\ ... ]+\|>/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:97:152:98 | '' | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | contextSurroundingFunctionParameters | (content) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:109:152:120 | /[\\w:\\-]+/gi | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | CalleeFlexibleAccessPath | n.cloneNode().outerHTML.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:123:154:3 | functio ... });\\n  } | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | receiverName | o |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | InputAccessPathFromCallee | 0.specified |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | assignedToPropName | specified |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:25:153:25 | 1 | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | InputAccessPathFromCallee | 0.nodeName |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | assignedToPropName | nodeName |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:39:153:39 | a | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:23:1:31 | 'express' | CalleeFlexibleAccessPath | require |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:23:1:31 | 'express' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:23:1:31 | 'express' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:23:1:31 | 'express' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:23:1:31 | 'express' | contextSurroundingFunctionParameters |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:23:1:31 | 'express' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | enclosingFunctionBody | s s replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | enclosingFunctionName | bad1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:20:5:22 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | enclosingFunctionBody | s s replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | enclosingFunctionName | bad1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:25:5:26 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | enclosingFunctionBody | s s replace /'/  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | enclosingFunctionName | bad2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:20:9:22 | /'/ | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | enclosingFunctionBody | s s replace /'/  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | enclosingFunctionName | bad2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:25:9:26 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | enclosingFunctionBody | s s replace /'/g \\' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | enclosingFunctionName | bad3 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:20:13:23 | /'/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | enclosingFunctionBody | s s replace /'/g \\' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | enclosingFunctionName | bad3 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:26:13:30 | "\\\\'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | enclosingFunctionBody | s s replace /'/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | enclosingFunctionName | bad4 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:20:17:23 | /'/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | enclosingFunctionBody | s s replace /'/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | enclosingFunctionName | bad4 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:26:17:31 | "\\\\$&" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | enclosingFunctionBody | s s replace /['"]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | enclosingFunctionName | bad5 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:20:21:26 | /['"]/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | enclosingFunctionBody | s s replace /['"]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | enclosingFunctionName | bad5 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:29:21:34 | "\\\\$&" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | enclosingFunctionBody | s s replace /(['"])/g \\$1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | enclosingFunctionName | bad6 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:20:25:28 | /(['"])/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | enclosingFunctionBody | s s replace /(['"])/g \\$1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | enclosingFunctionName | bad6 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:31:25:36 | "\\\\$1" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | enclosingFunctionBody | s s replace /('\|")/g \\$1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | enclosingFunctionName | bad7 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:20:29:27 | /('\|")/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | enclosingFunctionBody | s s replace /('\|")/g \\$1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | enclosingFunctionName | bad7 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:30:29:35 | "\\\\$1" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | enclosingFunctionBody | s s replace \|  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | enclosingFunctionName | bad8 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:20:33:22 | '\|' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | enclosingFunctionBody | s s replace \|  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | enclosingFunctionName | bad8 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:25:33:26 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | enclosingFunctionBody | s s replace /"/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | enclosingFunctionName | bad9 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:20:37:23 | /"/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | enclosingFunctionBody | s s replace /"/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | enclosingFunctionName | bad9 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:26:37:31 | "\\\\\\"" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | enclosingFunctionBody | s s replace / %2F |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | enclosingFunctionName | bad10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:20:41:22 | "/" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | enclosingFunctionBody | s s replace / %2F |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | enclosingFunctionName | bad10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:25:41:29 | "%2F" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | enclosingFunctionBody | s s replace %25 % |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | enclosingFunctionName | bad11 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:20:45:24 | "%25" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | enclosingFunctionBody | s s replace %25 % |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | enclosingFunctionName | bad11 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:27:45:29 | "%" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | enclosingFunctionBody | s s replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | enclosingFunctionName | bad12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:20:49:22 | `'` | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | enclosingFunctionBody | s s replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | enclosingFunctionName | bad12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:25:49:26 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | enclosingFunctionBody | s s replace ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | enclosingFunctionName | bad13 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:20:53:22 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | enclosingFunctionBody | s s replace ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | enclosingFunctionName | bad13 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:25:53:26 | `` | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | enclosingFunctionBody | s s replace ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | enclosingFunctionName | bad14 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:20:57:22 | `'` | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | enclosingFunctionBody | s s replace ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | enclosingFunctionName | bad14 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:25:57:26 | `` | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | enclosingFunctionBody | s s replace '   |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | enclosingFunctionName | bad15 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:20:61:27 | "'" + "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | enclosingFunctionBody | s s replace '   |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | enclosingFunctionName | bad15 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:30:61:31 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | enclosingFunctionBody | s s replace '   |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | enclosingFunctionName | bad16 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:20:65:22 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | enclosingFunctionBody | s s replace '   |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | enclosingFunctionName | bad16 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:25:65:31 | "" + "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | enclosingFunctionBody | s s replace '    |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | enclosingFunctionName | bad17 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:20:69:27 | "'" + "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | enclosingFunctionBody | s s replace '    |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | enclosingFunctionName | bad17 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:30:69:36 | "" + "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | CalleeFlexibleAccessPath | s.indexOf |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | enclosingFunctionBody | s s indexOf ' 0 s s replace '  s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | enclosingFunctionName | good1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:20:73:22 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | enclosingFunctionBody | s s indexOf ' 0 s s replace '  s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | enclosingFunctionName | good1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:19:74:21 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | enclosingFunctionBody | s s indexOf ' 0 s s replace '  s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | enclosingFunctionName | good1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:24:74:25 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | CalleeFlexibleAccessPath | s.indexOf |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | enclosingFunctionBody | s s indexOf ' 0 s s replace /'/  s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | enclosingFunctionName | good2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:20:79:22 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | enclosingFunctionBody | s s indexOf ' 0 s s replace /'/  s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | enclosingFunctionName | good2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:19:80:21 | /'/ | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | enclosingFunctionBody | s s indexOf ' 0 s s replace /'/  s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | enclosingFunctionName | good2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:24:80:25 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | enclosingFunctionBody | s s replace @user id10t |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | enclosingFunctionName | good3 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:20:85:26 | "@user" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | enclosingFunctionBody | s s replace @user id10t |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | enclosingFunctionName | good3 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:29:85:35 | "id10t" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | enclosingFunctionBody | s s replace /#/g \\d+ |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | enclosingFunctionName | good4 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:20:89:23 | /#/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | enclosingFunctionBody | s s replace /#/g \\d+ |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | enclosingFunctionName | good4 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:26:89:31 | "\\\\d+" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | enclosingFunctionBody | s s replace /\\\\/g \\\\ replace /['"]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | enclosingFunctionName | good5 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:20:93:24 | /\\\\/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | enclosingFunctionBody | s s replace /\\\\/g \\\\ replace /['"]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | enclosingFunctionName | good5 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:27:93:32 | "\\\\\\\\" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | enclosingFunctionBody | s s replace /\\\\/g \\\\ replace /['"]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | enclosingFunctionName | good5 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:43:93:49 | /['"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | enclosingFunctionBody | s s replace /\\\\/g \\\\ replace /['"]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | enclosingFunctionName | good5 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:52:93:57 | "\\\\$&" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | enclosingFunctionBody | s s replace /[\\\\]/g \\\\ replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | enclosingFunctionName | good6 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:20:97:26 | /[\\\\]/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | enclosingFunctionBody | s s replace /[\\\\]/g \\\\ replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | enclosingFunctionName | good6 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:29:97:34 | '\\\\\\\\' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | enclosingFunctionBody | s s replace /[\\\\]/g \\\\ replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | enclosingFunctionName | good6 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:45:97:51 | /[\\"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | enclosingFunctionBody | s s replace /[\\\\]/g \\\\ replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | enclosingFunctionName | good6 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:54:97:58 | '\\\\"' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | enclosingFunctionBody | s s s replace /[\\\\]/g \\\\ s replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | enclosingFunctionName | good7 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:17:101:23 | /[\\\\]/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | enclosingFunctionBody | s s s replace /[\\\\]/g \\\\ s replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | enclosingFunctionName | good7 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:26:101:31 | '\\\\\\\\' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | enclosingFunctionBody | s s s replace /[\\\\]/g \\\\ s replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | enclosingFunctionName | good7 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:20:102:26 | /[\\"]/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | enclosingFunctionBody | s s s replace /[\\\\]/g \\\\ s replace /[\\"]/g \\" |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | enclosingFunctionName | good7 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:29:102:33 | '\\\\"' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | enclosingFunctionBody | s s replace /\\W/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | enclosingFunctionName | good8 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:20:106:24 | /\\W/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | enclosingFunctionBody | s s replace /\\W/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | enclosingFunctionName | good8 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:27:106:32 | '\\\\$&' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | enclosingFunctionBody | s s replace /[^\\w\\s]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | enclosingFunctionName | good9 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:20:110:29 | /[^\\w\\s]/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | enclosingFunctionBody | s s replace /[^\\w\\s]/g \\$& |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | enclosingFunctionName | good9 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:32:110:37 | '\\\\$&' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:22:114:22 | s | receiverName | JSON |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | CalleeFlexibleAccessPath | s.slice |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:15:115:15 | 1 | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | CalleeFlexibleAccessPath | s.slice |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:18:115:19 | -1 | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:17:116:22 | /\\\\"/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:25:116:27 | '"' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:17:117:20 | /'/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | enclosingFunctionBody | s s JSON stringify s s s slice 1 1 s s replace /\\\\"/g " s s replace /'/g \\' ' s ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | enclosingFunctionName | good10 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:23:117:27 | "\\\\'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | enclosingFunctionBody | s s replace /#/g \ud83d\udca9 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | enclosingFunctionName | flowifyComments |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:20:122:23 | /#/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | enclosingFunctionBody | s s replace /#/g \ud83d\udca9 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | enclosingFunctionName | flowifyComments |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:26:122:29 | '\\u1f4a9\\udca9' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | enclosingFunctionBody | s s replace %d 42 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | enclosingFunctionName | good11 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:20:126:23 | "%d" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | enclosingFunctionBody | s s replace %d 42 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | enclosingFunctionName | good11 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:26:126:29 | "42" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:12:130:14 | '[' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:17:130:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:29:130:31 | ']' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:34:130:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:12:131:14 | '(' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:17:131:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:29:131:31 | ')' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:34:131:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:12:132:14 | '{' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:17:132:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:29:132:31 | '}' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:34:132:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:12:133:14 | '<' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:17:133:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:29:133:31 | '>' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:34:133:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:12:135:14 | '[' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:17:135:21 | '\\\\[' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:32:135:34 | ']' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:37:135:41 | '\\\\]' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:12:136:14 | '{' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:17:136:21 | '\\\\{' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:32:136:34 | '}' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:37:136:41 | '\\\\}' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:16:138:18 | '[' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:21:138:22 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:16:139:18 | ']' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:21:139:22 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:12:140:14 | /{/ | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:17:140:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:29:140:31 | /}/ | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:34:140:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:12:141:14 | ']' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:17:141:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:29:141:31 | '[' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | enclosingFunctionBody | s s replace [  replace ]  s replace (  replace )  s replace {  replace }  s replace <  replace >  s replace [ \\[ replace ] \\] s replace { \\{ replace } \\} s s replace [  s s replace ]  s replace /{/  replace /}/  s replace ]  replace [  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | enclosingFunctionName | good12 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:34:141:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | CalleeFlexibleAccessPath | require |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:10:146:24 | "child_process" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | CalleeFlexibleAccessPath | import(!).execSync |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | calleeImports | child_process |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:36:146:48 | "which emacs" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | CalleeFlexibleAccessPath | import(!).execSync().toString().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | calleeImports | child_process |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:70:146:73 | "\\n" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | CalleeFlexibleAccessPath | import(!).execSync().toString().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | calleeImports | child_process |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:76:146:77 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:12:148:15 | "\\n" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:18:148:19 | "" | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:30:148:30 | x | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:33:148:33 | y | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:12:149:12 | x | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:15:149:15 | y | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:26:149:29 | "\\n" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | enclosingFunctionBody | s require child_process execSync which emacs toString replace \n  x replace \n  replace x y x replace x y replace \n  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | enclosingFunctionName | newlines |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:32:149:33 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | CalleeFlexibleAccessPath | app.get |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | calleeImports | express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | contextSurroundingFunctionParameters |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:9:152:20 | '/some/path' | receiverName | app |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | CalleeFlexibleAccessPath | app.get |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | calleeImports | express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:23:189:1 | functio ... ted);\\n} | receiverName | app |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | CalleeFlexibleAccessPath | req.param |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | enclosingFunctionBody | req res untrusted req param p bad1 untrusted bad2 untrusted bad3 untrusted bad4 untrusted bad5 untrusted bad6 untrusted bad7 untrusted bad8 untrusted bad9 untrusted bad10 untrusted bad11 untrusted bad12 untrusted bad13 untrusted bad14 untrusted bad15 untrusted bad16 untrusted bad17 untrusted good1 untrusted good2 untrusted good3 untrusted good4 untrusted good5 untrusted good6 untrusted good7 untrusted good8 untrusted good9 untrusted good10 untrusted flowifyComments untrusted good11 untrusted good12 untrusted |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:29:153:31 | "p" | receiverName | req |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | enclosingFunctionBody | s indirect /'/ s replace indirect  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:19:193:26 | indirect | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | enclosingFunctionBody | s indirect /'/ s replace indirect  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:29:193:30 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:12:197:14 | '"' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:17:197:18 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:29:197:31 | '"' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:34:197:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:12:198:14 | "'" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:17:198:18 | "" | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:29:198:31 | "'" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | CalleeFlexibleAccessPath | s.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | enclosingFunctionBody | s s replace "  replace "  s replace '  replace '  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:34:198:35 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | CalleeFlexibleAccessPath | p.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | contextSurroundingFunctionParameters | (p) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | enclosingFunctionBody | p p replace /../  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | enclosingFunctionName | bad18 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:20:202:25 | "/../" | receiverName | p |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | CalleeFlexibleAccessPath | p.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | contextSurroundingFunctionParameters | (p) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | enclosingFunctionBody | p p replace /../  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | enclosingFunctionName | bad18 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:28:202:29 | "" | receiverName | p |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:14:206:20 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:22:206:23 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:14:207:21 | /[<>&]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:24:207:25 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:14:208:21 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:24:208:25 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:14:209:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:20:209:21 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:32:209:35 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:38:209:39 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:14:210:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:20:210:21 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:32:210:35 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:38:210:39 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:50:210:53 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:56:210:57 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:14:211:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:20:211:21 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:32:211:35 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:38:211:39 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:50:211:53 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:56:211:57 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:14:212:17 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:20:212:21 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:32:212:35 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:38:212:39 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:50:212:53 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:56:212:57 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:22:214:25 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:28:214:29 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:16:215:19 | />/g | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | CalleeFlexibleAccessPath | s.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:22:215:23 | '' | receiverName | s |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:14:216:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:20:216:25 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:36:216:39 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:42:216:46 | '&gt' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:57:216:60 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:63:216:69 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:80:216:83 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:86:216:92 | '&#34;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:14:217:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:20:217:25 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:36:217:39 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:42:217:46 | '&gt' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:57:217:60 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:63:217:69 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:80:217:83 | /'/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:86:217:92 | '&#39;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:14:219:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:20:219:25 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:36:219:39 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:42:219:46 | '&gt' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:57:219:58 | RE | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | contextSurroundingFunctionParameters | (s)\n(match) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:61:219:88 | functio ... .. */ } | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:14:221:23 | /[<>'"&]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:25:221:26 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:14:223:17 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:20:223:25 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:36:223:39 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:42:223:47 | '&gt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:58:223:61 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:64:223:71 | '&quot;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:82:223:97 | /&(?![\\w\\#]+;)/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:100:223:106 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:14:225:44 | !encode ...  : /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:47:225:53 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:64:225:67 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:70:225:75 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:86:225:89 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | CalleeFlexibleAccessPath | s().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:92:225:97 | '&gt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:108:225:111 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | CalleeFlexibleAccessPath | s().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:114:225:121 | '&quot;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | CalleeFlexibleAccessPath | s().replace().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:132:225:135 | /'/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | CalleeFlexibleAccessPath | s().replace().replace().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:138:225:145 | '&apos;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:14:227:31 | /[\\\\/:\\*\\?"<>\\\|]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:34:227:35 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:14:229:20 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:22:229:24 | '_' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:14:231:17 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:20:231:25 | "&gt;" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:14:233:62 | /[\\#\\%4 ... aFBb]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:65:233:66 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:14:235:20 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:22:235:23 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:34:235:42 | /[^a-z]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:45:235:46 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:14:237:20 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:22:237:23 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:34:237:42 | /[^abc]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:45:237:46 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:14:239:20 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:22:239:23 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:34:239:41 | /[ -~]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | contextSurroundingFunctionParameters | (s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | enclosingFunctionBody | s s replace /[<>]/g  s replace /[<>&]/g  s replace /[<>"]/g  s replace /</g  replace />/g  s replace /</g  replace />/g  replace /&/g  s replace /</g  replace /&/g  replace />/g  s replace /&/g  replace />/g  replace /</g  s s replace /</g  s s replace />/g  s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /"/g &#34; s replace /</g &lt; replace />/g &gt replace /&/g &amp; replace /'/g &#39; s replace /</g &lt; replace />/g &gt replace RE match s replace /[<>'"&]/g  s replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /&(?![\\w\\#]+;)/g &amp; s replace encode /&(?!#?\\w+;)/g /&/g &amp; replace /</g &lt; replace />/g &gt; replace /"/g &quot; replace /'/g &apos; s replace /[\\\\/:\\*\\?"<>\\\|]/g  s replace /[<>]/g _ s replace /&/g &gt; s replace /[\\#\\%4\\/\\-\\~\\>8\\_\\@0\\!\\&3\\[651d\\=e7fA2D\\(aFBb]/g  s replace /[<>]/g  replace /[^a-z]/g  s replace /[<>]/g  replace /[^abc]/g  s replace /[<>]/g  replace /[ -~]/g  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | enclosingFunctionName | typicalBadHtmlSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:44:239:45 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:21:243:27 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:29:243:30 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:21:244:28 | /[<>&]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:31:244:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:21:245:28 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:31:245:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:21:246:29 | /[<>&"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:31:246:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:21:247:27 | /[&"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:29:247:30 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:21:249:29 | /[<>&']/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:31:249:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:21:250:29 | /[<>&"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:31:250:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:21:251:29 | /[<>&']/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:31:251:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:33:253:40 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:43:253:44 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:44:254:51 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:54:254:55 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:38:255:45 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:48:255:49 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:27:256:34 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | enclosingFunctionBody | =" s replace /[<>]/g  " =" s replace /[<>&]/g  " =" s replace /[<>"]/g  " =" s replace /[<>&"]/g  " =" s replace /[&"]/g  " =" s replace /[<>&']/g  " =' s replace /[<>&"]/g  ' =' s replace /[<>&']/g  ' onFunkyEvent=" s replace /[<>"]/g  " <div noise onFunkyEvent=" s replace /[<>"]/g  " <div noise monday=" s replace /[<>"]/g  " monday=" s replace /[<>"]/g  " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:37:256:38 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | CalleeFlexibleAccessPath | value.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | contextSurroundingFunctionParameters | (value) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:24:261:27 | /&/g | receiverName | value |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | CalleeFlexibleAccessPath | value.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | contextSurroundingFunctionParameters | (value) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:30:261:36 | '&amp;' | receiverName | value |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | CalleeFlexibleAccessPath | value.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | contextSurroundingFunctionParameters | (value) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:47:261:50 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | CalleeFlexibleAccessPath | value.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | contextSurroundingFunctionParameters | (value) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:53:261:58 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | CalleeFlexibleAccessPath | value.replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | contextSurroundingFunctionParameters | (value) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:69:261:72 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | CalleeFlexibleAccessPath | value.replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | contextSurroundingFunctionParameters | (value) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:75:261:80 | '&gt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | CalleeFlexibleAccessPath | escapeHTML().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | contextSurroundingFunctionParameters | (a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:60:264:63 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | CalleeFlexibleAccessPath | escapeHTML().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | contextSurroundingFunctionParameters | (a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:66:264:73 | '&quot;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | CalleeFlexibleAccessPath | tag |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:22:266:25 | node | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | CalleeFlexibleAccessPath | ?.map.call |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:42:266:42 | x | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | CalleeFlexibleAccessPath | ?.map |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | CalleeFlexibleAccessPath | ?.map.call |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | CalleeFlexibleAccessPath | ?.map.call().join |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | enclosingFunctionBody | escapeHTML value value replace /&/g &amp; replace /</g &lt; replace />/g &gt; attr_str a   a name =" escapeHTML a value replace /"/g &quot; " result < tag node map call x attr_str join  > |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | enclosingFunctionName | multiStepSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:60:266:61 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:2:270:5 | '<a' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:2:270:5 | '<a' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:2:270:5 | '<a' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:2:270:5 | '<a' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:2:270:5 | '<a' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:2:270:5 | '<a' | stringConcatenatedWith |  -endpoint- noise + 'onclick="javascript:document.foo.bar('' + s().replace() + ''); return false;">' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:9:270:13 | noise | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:9:270:13 | noise | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:9:270:13 | noise | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:9:270:13 | noise | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:9:270:13 | noise | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:9:270:13 | noise | stringConcatenatedWith | '<a' -endpoint- 'onclick="javascript:document.foo.bar('' + s().replace() + ''); return false;">' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:17:270:57 | 'onclic ... bar(\\'' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:17:270:57 | 'onclic ... bar(\\'' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:17:270:57 | 'onclic ... bar(\\'' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:17:270:57 | 'onclic ... bar(\\'' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:17:270:57 | 'onclic ... bar(\\'' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:17:270:57 | 'onclic ... bar(\\'' | stringConcatenatedWith | '<a' + noise -endpoint- s().replace() + ''); return false;">' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') | stringConcatenatedWith | '<a' + noise + 'onclick="javascript:document.foo.bar('' -endpoint- ''); return false;">' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:73:270:80 | /[<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:83:270:84 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:89:270:110 | '\\'); r ... lse;">' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:89:270:110 | '\\'); r ... lse;">' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:89:270:110 | '\\'); r ... lse;">' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:89:270:110 | '\\'); r ... lse;">' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:89:270:110 | '\\'); r ... lse;">' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:89:270:110 | '\\'); r ... lse;">' | stringConcatenatedWith | '<a' + noise + 'onclick="javascript:document.foo.bar('' + s().replace() -endpoint-  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:21:271:27 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:29:271:30 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:41:271:50 | /[^\\w ]+/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | CalleeFlexibleAccessPath | s().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:53:271:54 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | CalleeFlexibleAccessPath | encodeURIComponent |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:40:272:46 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:48:272:49 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | CalleeFlexibleAccessPath | s().val().trim().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:37:274:44 | /^,\|,$/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | CalleeFlexibleAccessPath | s().val().trim().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:48:274:49 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | CalleeFlexibleAccessPath | s().val().trim().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:60:274:67 | /^;\|;$/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | CalleeFlexibleAccessPath | s().val().trim().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:71:274:72 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | CalleeFlexibleAccessPath | s().val().trim().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:83:274:88 | /<\|>/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | CalleeFlexibleAccessPath | s().val().trim().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:92:274:93 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | CalleeFlexibleAccessPath | arr.join |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:18:275:20 | " " | receiverName | arr |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | CalleeFlexibleAccessPath | s().val().trim().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:38:276:45 | /^,\|,$/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | CalleeFlexibleAccessPath | s().val().trim().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:49:276:50 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | CalleeFlexibleAccessPath | s().val().trim().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:61:276:68 | /^;\|;$/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | CalleeFlexibleAccessPath | s().val().trim().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:72:276:73 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | CalleeFlexibleAccessPath | s().val().trim().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:84:276:89 | /<\|>/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | CalleeFlexibleAccessPath | s().val().trim().replace().replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:93:276:94 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | CalleeFlexibleAccessPath | arr2.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:22:277:25 | /"/g | receiverName | arr2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | CalleeFlexibleAccessPath | arr2.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:27:277:28 | "" | receiverName | arr2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | CalleeFlexibleAccessPath | arr2.join |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:19:278:21 | " " | receiverName | arr2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:16:281:19 | /&/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:22:281:28 | '&amp;' | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:16:282:19 | /</g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:22:282:27 | '&lt;' | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:38:282:41 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | CalleeFlexibleAccessPath | x.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:44:282:49 | '&gt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:16:284:19 | /"/g | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | CalleeFlexibleAccessPath | x.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:22:284:29 | '&quot;' | receiverName | x |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | CalleeFlexibleAccessPath | y.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:17:289:20 | /&/g | receiverName | y |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | CalleeFlexibleAccessPath | y.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:23:289:29 | '&amp;' | receiverName | y |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | CalleeFlexibleAccessPath | y.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:16:291:19 | /</g | receiverName | y |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | CalleeFlexibleAccessPath | y.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:22:291:27 | '&lt;' | receiverName | y |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | CalleeFlexibleAccessPath | y.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:38:291:41 | />/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | CalleeFlexibleAccessPath | y.replace().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:44:291:49 | '&gt;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | CalleeFlexibleAccessPath | y.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:17:294:20 | /"/g | receiverName | y |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | CalleeFlexibleAccessPath | y.replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | enclosingFunctionBody | <a noise onclick="javascript:document.foo.bar(' s replace /[<>"]/g  '); return false;"> =" s replace /[<>]/g  replace /[^\\w ]+/g  " =" encodeURIComponent s replace /[<>]/g  " arr s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  =" arr join   " arr2 s val trim replace /^,\|,$/g  replace /^;\|;$/g  replace /<\|>/g  arr2 arr2 replace /"/g  =" arr2 join   " x x x replace /&/g &amp; x x replace /</g &lt; replace />/g &gt; onclick=" x " x x replace /"/g &quot; onclick=" x " y escapeAmpersand y y replace /&/g &amp; y y replace /</g &lt; replace />/g &gt; onclick=" y " escapeQuotes y y replace /"/g &quot; onclick=" y " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | enclosingFunctionName | moreIncompleteHtmlAttributeSanitization |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:23:294:30 | '&quot;' | receiverName | y |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:22:300:29 | /[&<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:31:300:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:22:301:28 | /[<>]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:30:301:31 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:22:302:30 | /[&<>"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:32:302:33 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:22:303:29 | /[<>&]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:32:303:33 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:21:304:29 | /[<>&"]/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:31:304:32 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:22:305:30 | /[<>&']/g | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | enclosingFunctionBody | =' s replace /[&<>]/g  ' =' s replace /[<>]/g  ' =' s replace /[&<>"]/g  ' =' s replace /[<>&]/g  ' =" s replace /[<>&"]/g  " =' s replace /[<>&']/g  ' |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | enclosingFunctionName | incompleteHtmlAttributeSanitization2 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:32:305:33 | '' | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | enclosingFunctionBody | =' s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; ' =" s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | enclosingFunctionName | incompleteComplexSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:22:309:31 | /[&<>"]/gm | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | contextSurroundingFunctionParameters | ()\n(str) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | enclosingFunctionBody | =' s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; ' =" s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | enclosingFunctionName | incompleteComplexSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:34:318:2 | functio ... t;";\\n\\t} | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | contextSurroundingFunctionParameters | () |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | enclosingFunctionBody | =' s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; ' =" s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | enclosingFunctionName | incompleteComplexSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:21:320:30 | /[&<>"]/gm | fileImports | child_process express |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | CalleeFlexibleAccessPath | s().replace |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | contextFunctionInterfaces | attr_str(a)\nbad1(s)\nbad10(s)\nbad11(s)\nbad12(s)\nbad13(s)\nbad14(s)\nbad15(s)\nbad16(s)\nbad17(s)\nbad18(p)\nbad2(s)\nbad3(s)\nbad4(s)\nbad5(s)\nbad6(s)\nbad7(s)\nbad8(s)\nbad9(s)\nescapeHTML(value)\nflowifyComments(s)\ngood1(s)\ngood10(s)\ngood11(s)\ngood12(s)\ngood2(s)\ngood3(s)\ngood4(s)\ngood5(s)\ngood6(s)\ngood7(s)\ngood8(s)\ngood9(s)\nincompleteComplexSanitizers()\nincompleteHtmlAttributeSanitization()\nincompleteHtmlAttributeSanitization2()\nmoreIncompleteHtmlAttributeSanitization()\nmultiStepSanitization()\nnewlines(s)\ntypicalBadHtmlSanitizers(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | contextSurroundingFunctionParameters | ()\n(str) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | enclosingFunctionBody | =' s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; ' =" s replace /[&<>"]/gm str str & &amp; str < &lt; str > &gt; str " &quot; " |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | enclosingFunctionName | incompleteComplexSanitizers |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:33:329:2 | functio ... t;";\\n\\t} | fileImports | child_process express |
 | index.js:1:20:1:23 | "fs" | CalleeFlexibleAccessPath | require |
 | index.js:1:20:1:23 | "fs" | InputArgumentIndex | 0 |
 | index.js:1:20:1:23 | "fs" | calleeImports |  |
@@ -20141,6 +29928,10 @@ invalidTokenFeatures
 | autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | CalleeFlexibleAccessPath | safe.call |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | InputArgumentIndex | 0 |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:68:19:68:21 | foo | InputArgumentIndex | 1 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | CalleeFlexibleAccessPath | ?.map |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | CalleeFlexibleAccessPath | ?.map.call |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:45:266:52 | attr_str | InputArgumentIndex | 1 |
 | index.js:44:39:44:57 | '' + x.responseText | CalleeFlexibleAccessPath | o.success |
 | index.js:44:39:44:57 | '' + x.responseText | CalleeFlexibleAccessPath | o.success.call |
 | index.js:44:39:44:57 | '' + x.responseText | InputArgumentIndex | 0 |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataInference.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataInference.expected
index 5489a3ca9d7..199c59a7691 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataInference.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataInference.expected
@@ -1,7 +1,13 @@
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id |
@@ -9,16 +15,23 @@
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] |
+| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name |
-| DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key |
 | DomBasedXssAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix |
 | DomBasedXssAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path |
 | DomBasedXssAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath |
 | DomBasedXssAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath |
+| DomBasedXssAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path |
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:7:47:7:69 | classNa ... w.name) |
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:8:47:8:70 | classNa ... w.name) |
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:9:47:9:70 | classNa ... w.name) |
@@ -26,11 +39,19 @@
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:11:47:11:64 | unsafeStyle('foo') |
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) |
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:17:5:17:79 | documen ... <span>` |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') |
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint |
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') |
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/event-handler-receiver.js:2:49:2:61 | location.href |
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/jquery.js:7:20:7:26 | tainted |
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/jquery.js:10:13:10:31 | location.toString() |
+| DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/jquery.js:34:13:34:16 | hash |
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver |
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` |
 | DomBasedXssAtmConfig | autogenerated/Xss/DomBasedXss/sanitiser.js:23:29:23:35 | tainted |
@@ -81,6 +102,8 @@
 | DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:99:31:99:38 | req.body |
 | DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXss.js:102:68:102:75 | req.body |
 | DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:45:19:57 | req.params.id |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/live-server.js:6:28:6:34 | tainted |
+| DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/live-server.js:12:28:12:34 | tainted |
 | DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:13:42:13:48 | req.url |
 | DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] |
 | DomBasedXssAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url |
@@ -90,6 +113,8 @@
 | NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:27:23:35 | { id: v } |
 | NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) |
 | NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) |
+| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` |
 | NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:10:17:10:18 | {} |
 | NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:12:17:12:18 | {} |
 | NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:14:17:14:18 | {} |
@@ -111,15 +136,26 @@
 | NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:44:99:48 | query |
 | NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseJsonParse.js:19:19:19:20 | {} |
 | NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" |
-| NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query |
 | NosqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:29:38:29:62 | { path: ... .path } |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:33:34:33:58 | { name: ... .name } |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:37:35:37:59 | { name: ... .name } |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:41:33:44:5 | {\\n      ... )\\n    } |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:48:33:51:5 | {\\n      ... "\\n    } |
 | NosqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path |
 | NosqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath |
 | NosqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/other-fs-libraries.js:62:37:62:47 | {cwd: path} |
+| NosqlInjectionAtmConfig | autogenerated/TaintedPath/other-fs-libraries.js:63:45:63:55 | {cwd: path} |
 | NosqlInjectionAtmConfig | autogenerated/TaintedPath/pupeteer.js:9:20:9:50 | { path: ...  'a4' } |
 | NosqlInjectionAtmConfig | autogenerated/TaintedPath/pupeteer.js:13:29:13:45 | { path: tainted } |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/clipboard.ts:19:26:19:28 | div |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/clipboard.ts:54:30:54:32 | div |
 | NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint |
 | NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:26:19:28 | div |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:30:54:32 | div |
 | NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:8:22:14:3 | {\\n    f ...  OK\\n  } |
 | NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver |
 | NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst3.js:6:27:6:32 | data.w |
@@ -132,6 +168,8 @@
 | NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:199:32:199:75 | {danger ... inted}} |
 | NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:200:32:200:75 | {danger ... inted}} |
 | NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:361:14:361:19 | target |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:442:25:442:40 | {"html": source} |
+| NosqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/tst.js:444:35:444:50 | {"html": source} |
 | NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:5:11:5:11 | x |
 | NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:9:11:9:13 | foo |
 | NosqlInjectionAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:21:11:21:21 | foo + "bar" |
@@ -156,8 +194,14 @@
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:85:20:85:22 | tag |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:130:23:130:24 | id |
@@ -165,22 +209,29 @@
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] |
+| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:34 | "SELECT ... ategory |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:6:15:7:55 | "SELECT ...  PRICE" |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name |
-| SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:34 | "SELECT ... ategory |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:7:16:8:55 | "SELECT ...  PRICE" |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:60 | 'SELECT ... rams.id |
 | SqlInjectionAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst.js:10:10:10:58 | 'SELECT ... rams.id |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix |
 | SqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:312:19:312:22 | path |
 | SqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath |
 | SqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath |
+| SqlInjectionAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path |
 | SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/classnames.js:10:45:10:55 | window.name |
 | SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/dates.js:15:65:15:69 | taint |
 | SqlInjectionAtmConfig | autogenerated/Xss/DomBasedXss/dates.js:17:49:17:53 | taint |
@@ -218,7 +269,13 @@
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:14:30:14:30 | v |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:22:33:22:33 | v |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/typed/typedClient.ts:23:33:23:33 | v |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/graphql.js:109:13:109:14 | id |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:26:25:26:29 | query |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:15:32:59 | `(\|(nam ... ame}))` |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:40:15:42:11 | `(\|(nam ...   )}))` |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/ldap.js:64:5:64:49 | `(\|(nam ... ame}))` |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:21:25:21:45 | '' + qu ... y.title |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:24:25:24:50 | query.b ... bstr(1) |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongodb.js:77:22:77:24 | tag |
@@ -228,17 +285,23 @@
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:22:11:22 | v |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:22:12:32 | req.body.id |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:22:13:37 | `${req.body.id}` |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:21:10:26 | [temp] |
+| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/mysql.js:10:22:10:25 | temp |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:26:13:26:25 | req.params.id |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:41:7:41:20 | req.params.foo |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:48:13:48:27 | req.params.name |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:55:13:55:27 | req.params.name |
-| TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/redis.js:52:28:52:30 | key |
 | TaintedPathAtmConfig | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:23:16:41 | req.params.category |
 | TaintedPathAtmConfig | autogenerated/TaintedPath/TaintedPath.js:115:12:115:51 | path.re ... /g, '') |
 | TaintedPathAtmConfig | autogenerated/TaintedPath/TaintedPath.js:116:12:116:36 | path.re ... /g, '') |
 | TaintedPathAtmConfig | autogenerated/TaintedPath/TaintedPath.js:128:11:128:50 | path.re ... /g, '') |
 | TaintedPathAtmConfig | autogenerated/TaintedPath/TaintedPath.js:129:12:129:36 | path.re ... /g, '') |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/handlebars.js:29:46:29:60 | req.params.path |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/handlebars.js:33:42:33:56 | req.params.name |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/handlebars.js:37:43:37:57 | req.params.name |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/handlebars.js:43:15:43:29 | req.params.path |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/handlebars.js:49:17:49:33 | req.params.prefix |
 | TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:21:14:21:49 | pathMod ... y.path) |
 | TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:31:14:31:49 | pathMod ... y.path) |
 | TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:54:14:54:49 | pathMod ... y.path) |
@@ -260,6 +323,8 @@
 | TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:321:19:321:32 | normalizedPath |
 | TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:328:19:328:32 | normalizedPath |
 | TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:339:13:339:46 | pathMod ... y.path) |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:381:25:381:28 | path |
+| TaintedPathAtmConfig | autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) |
 | TaintedPathAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:10:30:10:47 | req.query.receiver |
 | TaintedPathAtmConfig | autogenerated/Xss/DomBasedXss/nodemailer.js:12:11:12:69 | `Hi, yo ... sage}.` |
 | TaintedPathAtmConfig | autogenerated/Xss/ExceptionXss/exception-xss.js:117:11:117:23 | req.params.id |
@@ -276,3 +341,5 @@
 | TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:40:42:40:50 | [req.url] |
 | TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:40:43:40:49 | req.url |
 | TaintedPathAtmConfig | autogenerated/Xss/ReflectedXss/partial.js:49:38:49:44 | req.url |
+| XssThroughDomAtmConfig | autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:45:109:55 | this.el.src |
+| XssThroughDomAtmConfig | autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:53:122:70 | ev.target.files[0] |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected
index 18822ab887b..aaab275ece6 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected
@@ -1,4 +1,273 @@
 endpoints
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | NosqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | SqlInjection | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | TaintedPath | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | Xss | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | SqlInjection | sinkLabel | Sink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -15,14 +284,104 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | SqlInjection | sinkLabel | Sink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | NosqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | SqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | TaintedPath | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | Xss | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | NosqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | SqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | TaintedPath | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | Xss | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -871,6 +1230,97 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | NosqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | NosqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | SqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | TaintedPath | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | Xss | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | NosqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | SqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | TaintedPath | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | Xss | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | NosqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | SqlInjection | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | TaintedPath | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | Xss | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1012,6 +1462,10 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | SqlInjection | sinkLabel | Sink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | SqlInjection | sinkLabel | Sink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1649,6 +2103,67 @@ endpoints
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | NosqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | SqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | TaintedPath | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | Xss | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | TaintedPath | sinkLabel | Sink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2263,6 +2778,163 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | XssThroughDom | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | TaintedPath | sinkLabel | Sink | string |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2319,6 +2991,50 @@ endpoints
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | TaintedPath | sinkLabel | Sink | string |
 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2359,6 +3075,39 @@ endpoints
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | NosqlInjection | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | SqlInjection | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | TaintedPath | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | Xss | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2371,6 +3120,14 @@ endpoints
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | TaintedPath | sinkLabel | Sink | string |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | TaintedPath | sinkLabel | Sink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2768,6 +3525,39 @@ endpoints
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | NosqlInjection | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | SqlInjection | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | TaintedPath | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | Xss | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | XssThroughDom | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2852,6 +3642,117 @@ endpoints
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2908,6 +3809,149 @@ endpoints
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3002,6 +4046,79 @@ endpoints
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3520,6 +4637,14 @@ endpoints
 | autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4122,6 +5247,290 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4511,6 +5920,64 @@ endpoints
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | XssThroughDom | notASinkReason | LoggerMethod | string |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | NosqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | SqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | TaintedPath | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | Xss | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5352,6 +6819,26 @@ endpoints
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5491,6 +6978,46 @@ endpoints
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | Xss | sinkLabel | Sink | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -6174,6 +7701,85 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | XssThroughDom | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | NosqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | SqlInjection | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | TaintedPath | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | Xss | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | NosqlInjection | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | SqlInjection | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | TaintedPath | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | Xss | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | XssThroughDom | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -6421,6 +8027,150 @@ endpoints
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | Xss | sinkLabel | Sink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | Xss | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | Xss | sinkLabel | Sink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | NosqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | SqlInjection | notASinkReason | StringRegExpTest | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | TaintedPath | notASinkReason | StringRegExpTest | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | Xss | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | Xss | notASinkReason | StringRegExpTest | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | Xss | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | NosqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | SqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | TaintedPath | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | Xss | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | Xss | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | Xss | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | NosqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | SqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | TaintedPath | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | Xss | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | Xss | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | Xss | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | XssThroughDom | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | NosqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | NosqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | NosqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | NosqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | SqlInjection | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | SqlInjection | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | SqlInjection | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | SqlInjection | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | TaintedPath | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | TaintedPath | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | TaintedPath | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | TaintedPath | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | Xss | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | Xss | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | Xss | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | Xss | sinkLabel | NotASink | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:21:9:21:9 | x | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:21:9:21:9 | x | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:21:9:21:9 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -6601,6 +8351,246 @@ endpoints
 | index.js:50:15:50:19 | ready | XssThroughDom | notASinkReason | Timeout | string |
 | index.js:50:15:50:19 | ready | XssThroughDom | sinkLabel | NotASink | string |
 tokenFeatures
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | CalleeFlexibleAccessPath | kit.graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | calleeImports | @octokit/core |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | enclosingFunctionBody | req res id req params id response kit graphql \n      query {\n        repository(owner: "github", name: " id ") {\n          object(expression: "master:foo") {\n            ... on Blob {\n              text\n            }\n          }\n        }\n      }\n     |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | receiverName | kit |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:34:20:5 | `\\n      ... }\\n    ` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | CalleeFlexibleAccessPath | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:30:27:40 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | CalleeFlexibleAccessPath | myGraphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:32:30:42 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | calleeImports | @octokit/graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | enclosingFunctionBody | req res id req params id response graphql foo  id myGraphql withCustomRequest request response myGraphql foo  id withDefaults graphql defaults withDefaults foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:18:33:28 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:51:45:5 | {\\n      ... K\\n    } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | CalleeFlexibleAccessPath | request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | InputAccessPathFromCallee | 1.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:44:14:44:24 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:35:48:56 | { query ... {id}` } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | CalleeFlexibleAccessPath | withDefaults |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | InputAccessPathFromCallee | 1.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | calleeImports | @octokit/request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | enclosingFunctionBody | req res id req params id result request POST /graphql headers authorization token 0000000000000000000000000000000000000001 query foo  id withDefaults request defaults withDefaults POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:44:48:54 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | CalleeFlexibleAccessPath | kit2.graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | receiverName | kit2 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:39:56:49 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | CalleeFlexibleAccessPath | kit2.request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | receiverName | kit2 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:57:58:78 | { query ... {id}` } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | CalleeFlexibleAccessPath | kit2.request |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | InputAccessPathFromCallee | 1.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | calleeImports | @octokit/rest |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | enclosingFunctionBody | req res id req params id result kit2 graphql foo  id result2 kit2 request POST /graphql query foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:66:58:76 | `foo ${id}` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | CalleeFlexibleAccessPath | nativeGraphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | calleeImports | graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:46:75:64 | "{ foo" + id + " }" | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:50:92:3 | {\\n    m ...  })\\n  } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | InputAccessPathFromCallee | 1.headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | assignedToPropName | headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:79:14:81:5 | {\\n      ... "\\n    } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | InputAccessPathFromCallee | 1.body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | assignedToPropName | body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | CalleeFlexibleAccessPath | JSON.stringify |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | InputAccessPathFromCallee | 0.query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | assignedToPropName | query |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:84:14:90:8 | `{\\n     ...      }` | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:50:112:3 | {\\n    m ...  })\\n  } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | InputAccessPathFromCallee | 1.headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | assignedToPropName | headers |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:96:14:98:5 | {\\n      ... "\\n    } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | CalleeFlexibleAccessPath | fetch |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | InputAccessPathFromCallee | 1.body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | assignedToPropName | body |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | enclosingFunctionBody | req res id req query id result nativeGraphql schema { foo id  } root fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n           id \n        }\n      } fetch https://my-grpahql-server.com/graphql method POST headers Content-Type application/json body JSON stringify query {\n        thing {\n          name\n          url\n          $id\n        }\n      } variables id id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | CalleeFlexibleAccessPath | kit.graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | calleeImports | @actions/github |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | contextFunctionInterfaces | hello() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | enclosingFunctionBody | req res kit github getOctokit foo id req params id result kit graphql foo  id |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | fileImports | @actions/github @octokit/core @octokit/graphql @octokit/request @octokit/rest express graphql |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | receiverName | kit |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:38:120:48 | `foo ${id}` | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | InputAccessPathFromCallee |  |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | InputArgumentIndex | 0 |
@@ -6610,7 +8600,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | CalleeFlexibleAccessPath | doc.find |
@@ -6622,7 +8612,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:22:30:26 | query | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | CalleeFlexibleAccessPath | doc.find |
@@ -6634,7 +8624,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:22:33:26 | query | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | CalleeFlexibleAccessPath | doc.find |
@@ -6646,9 +8636,129 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data checkSchema query doc find query ajv validate schema query doc find query validate query doc find query doc find query |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | enclosingFunctionName | app.post#functionalargument |
-| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | fileImports | ajv express mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | fileImports | ajv express joi mongodb |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:18:35:22 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:22:53:26 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:22:55:26 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:22:59:26 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | contextFunctionInterfaces | validate(x) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | contextSurroundingFunctionParameters | (req, res)\n(err, db) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | enclosingFunctionBody | req res MongoClient connect mongodb://localhost:27017/test err db doc db collection doc query JSON parse req query data validate joiSchema validate query validate error doc find query doc find query joiSchema validateAsync query doc find query e doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | fileImports | ajv express joi mongodb |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:22:61:26 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:30:28:34 | opts1 | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:32:5:32:61 | { filte ... e}))` } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:39:5:43:5 | { // OK ... ,\\n    } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:30:61:42 | { filter: f } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | CalleeFlexibleAccessPath | client.search |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | receiverName | client |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:30:66:53 | { filte ... ilter } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | CalleeFlexibleAccessPath | ldap.parseDN |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | calleeImports | ldapjs |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | contextFunctionInterfaces | sanitizeInput(input) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | enclosingFunctionBody | req res q url parse req url true username q query username opts1 filter (\|(name= username )(username= username )) client search o=example opts1 err res client search o=example filter (\|(name= username )(username= username )) err res client search o=example filter (\|(name= sanitizeInput username )(username= sanitizeInput username )) err res f OrFilter filters EqualityFilter attribute name value username EqualityFilter attribute username value username client search o=example filter f err res parsedFilter ldap parseFilter (\|(name= username )(username= username )) client search o=example filter parsedFilter err res dn ldap parseDN cn= username err dn |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | fileImports | http ldapjs url |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | receiverName | ldap |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:27:68:42 | `cn=${username}` | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | CalleeFlexibleAccessPath | db.myDoc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | InputAccessPathFromCallee |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | InputArgumentIndex | 0 |
@@ -6656,11 +8766,23 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | calleeImports | ./marsdb-flow-from |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextFunctionInterfaces |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionBody | req res query query title req body title db myDoc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionBody | req res query query title req body title db myDoc find query err data |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | fileImports | ./marsdb-flow-from body-parser express |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | receiverName |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:17:14:21 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | CalleeFlexibleAccessPath | db.myDoc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | calleeImports | ./marsdb-flow-from |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | contextFunctionInterfaces |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | contextSurroundingFunctionParameters | (req, res)\n(err, data) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | enclosingFunctionBody | req res query query title req body title db myDoc find query err data |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | fileImports | ./marsdb-flow-from body-parser express |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:24:14:40 | (err, data) => {} | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | InputAccessPathFromCallee |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | InputArgumentIndex | 0 |
@@ -6668,11 +8790,23 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | calleeImports | marsdb |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextFunctionInterfaces |  |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionBody | req res query query title req body title doc find query |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionBody | req res query query title req body title doc find query err data |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | enclosingFunctionName | app.post#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | fileImports | body-parser express marsdb |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | receiverName | doc |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:12:16:16 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | CalleeFlexibleAccessPath | doc.find |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | calleeImports | marsdb |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | contextFunctionInterfaces |  |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | contextSurroundingFunctionParameters | (req, res)\n(err, data) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | enclosingFunctionBody | req res query query title req body title doc find query err data |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | enclosingFunctionName | app.post#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | fileImports | body-parser express marsdb |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | receiverName | doc |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:19:16:35 | (err, data) => {} | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | InputAccessPathFromCallee |  |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:18:12:18:16 | query | InputArgumentIndex | 0 |
@@ -7957,6 +10091,90 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | fileImports | ./mongooseModel body-parser express |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | receiverName | MyModel |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:16:13:39 | { id: ` ... .id}` } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:26:11:9 | {\\n      ...       } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | contextSurroundingFunctionParameters | (req, res)\n(err, connection)\n(error, results, fields) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:11:12:11:46 | functio ... lds) {} | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:26:16:9 | {\\n      ...       } | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | InputAccessPathFromCallee | 0.sql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | assignedToPropName | sql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | receiverName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:15:18:15:65 | 'SELECT ...  + temp | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | contextSurroundingFunctionParameters | (req, res)\n(err, connection)\n(error, results, fields) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:16:12:16:46 | functio ... lds) {} | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | contextSurroundingFunctionParameters | (req, res)\n(err, connection) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:26:19:73 | 'SELECT ...  + temp | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | CalleeFlexibleAccessPath | connection.query |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | InputArgumentIndex | 1 |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | contextFunctionInterfaces | handler(req, res) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | contextSurroundingFunctionParameters | (req, res)\n(err, connection)\n(error, results, fields) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | enclosingFunctionBody | req res temp req params value pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` = ? values temp error results fields pool getConnection err connection connection query sql SELECT * FROM `books` WHERE `author` =  temp error results fields pool getConnection err connection connection query SELECT * FROM `books` WHERE `author` =  temp error results fields |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | enclosingFunctionName | handler |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | fileImports | express mysql |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | receiverName | connection |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:20:13:20:47 | functio ... lds) {} | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | CalleeFlexibleAccessPath | this.db.one |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | InputAccessPathFromCallee |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:17:8:21 | taint | InputArgumentIndex | 0 |
@@ -7976,7 +10194,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | receiverName |  |
@@ -7988,7 +10206,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | receiverName | db |
@@ -8000,7 +10218,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:10:11:10:15 | query | receiverName | db |
@@ -8012,7 +10230,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:11:17:11:21 | query | receiverName | db |
@@ -8024,7 +10242,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:12:10:12:14 | query | receiverName | db |
@@ -8036,7 +10254,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:13:12:13:16 | query | receiverName | db |
@@ -8048,7 +10266,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:14:18:14:22 | query | receiverName | db |
@@ -8060,7 +10278,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:15:11:15:15 | query | receiverName | db |
@@ -8072,7 +10290,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:16:10:16:14 | query | receiverName | db |
@@ -8084,7 +10302,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:17:16:17:20 | query | receiverName | db |
@@ -8096,7 +10314,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:18:12:18:16 | query | receiverName | db |
@@ -8108,7 +10326,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:19:13:19:17 | query | receiverName | db |
@@ -8120,7 +10338,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:21:10:23:3 | {\\n    t ...  OK\\n  } | receiverName | db |
@@ -8132,7 +10350,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:22:11:22:15 | query | receiverName |  |
@@ -8144,7 +10362,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:24:10:27:3 | {\\n    t ...  OK\\n  } | receiverName | db |
@@ -8156,7 +10374,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:28:10:31:3 | {\\n    t ... ter\\n  } | receiverName | db |
@@ -8168,7 +10386,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:30:13:30:25 | req.params.id | receiverName |  |
@@ -8180,7 +10398,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:32:10:35:3 | {\\n    t ...  OK\\n  } | receiverName | db |
@@ -8192,7 +10410,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:34:13:34:25 | req.params.id | receiverName |  |
@@ -8204,7 +10422,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:36:10:43:3 | {\\n    t ...   ]\\n  } | receiverName | db |
@@ -8216,7 +10434,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:38:13:42:5 | [\\n      ... n\\n    ] | receiverName |  |
@@ -8228,7 +10446,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | calleeImports |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:39:7:39:19 | req.params.id | receiverName |  |
@@ -8240,7 +10458,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | calleeImports |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:40:7:40:21 | req.params.name | receiverName |  |
@@ -8252,7 +10470,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:44:10:50:3 | {\\n    t ...   }\\n  } | receiverName | db |
@@ -8264,7 +10482,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:47:11:47:23 | req.params.id | receiverName |  |
@@ -8276,7 +10494,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:51:10:58:3 | {\\n    t ...   }\\n  } | receiverName | db |
@@ -8288,7 +10506,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:54:11:54:23 | req.params.id | receiverName |  |
@@ -8300,7 +10518,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | calleeImports | pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:56:14:56:29 | req.params.title | receiverName |  |
@@ -8312,11 +10530,23 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | calleeImports |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | receiverName | t |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:60:20:60:24 | query | stringConcatenatedWith |  |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | CalleeFlexibleAccessPath | t.one |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | InputAccessPathFromCallee |  |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | InputArgumentIndex | 0 |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | assignedToPropName |  |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | calleeImports |  |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextFunctionInterfaces | cnd(t) |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | enclosingFunctionName | get#functionalargument |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | fileImports | express pg-promise |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | receiverName | t |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:63:23:63:27 | query | stringConcatenatedWith |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | CalleeFlexibleAccessPath | t.one |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | InputAccessPathFromCallee |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | InputArgumentIndex | 0 |
@@ -8324,7 +10554,7 @@ tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | calleeImports |  |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextFunctionInterfaces | cnd(t) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | contextSurroundingFunctionParameters | (req, res)\n(t) |
-| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db task cnd t t one query t t one query |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionBody | req res db pgp process DB_CONNECTION_STRING env DB_CONNECTION_STRING query SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=' req params category ' ORDER BY PRICE db any query db many query db manyOrNone query db map query db multi query db multiResult query db none query db one query db oneOrNone query db query query db result query db one text query db one text SELECT * FROM news where id = $1 values req params id db one text SELECT * FROM news where id = $1:raw values req params id db one text SELECT * FROM news where id = $1^ values req params id db one text SELECT * FROM news where id = $1:raw AND name = $2:raw AND foo = $3 values req params id req params name req params foo db one text SELECT * FROM news where id = ${id}:raw AND name = ${name} values id req params id name req params name db one text SELECT * FROM news where id = ${id}:value AND name LIKE '%${name}:value%' AND title LIKE "%${title}:value%" values id req params id name req params name title req params title db task t t one query db taskIf cnd t t one query t t one query |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | enclosingFunctionName | get#functionalargument |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | fileImports | express pg-promise |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:64:16:64:20 | query | receiverName | t |
@@ -8674,7 +10904,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:12:29:12:32 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8686,7 +10916,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:15:29:15:48 | "/home/user/" + path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8698,7 +10928,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:18:33:18:36 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8710,7 +10940,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:21:33:21:36 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | CalleeFlexibleAccessPath | fs.existsSync |
@@ -8722,7 +10952,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8734,7 +10964,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8746,7 +10976,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:27:31:27:34 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8758,7 +10988,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:30:31:30:34 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8770,7 +11000,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:33:31:33:34 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8782,7 +11012,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:36:29:36:32 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8794,7 +11024,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:40:29:40:53 | pathMod ... e(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8806,7 +11036,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:42:29:42:52 | pathMod ... e(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8818,7 +11048,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:44:29:44:52 | pathMod ... e(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8830,7 +11060,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:46:29:46:49 | pathMod ... n(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8842,7 +11072,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8854,7 +11084,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:50:29:50:54 | pathMod ... e(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8866,7 +11096,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:52:29:52:56 | pathMod ... , path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8878,7 +11108,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8890,7 +11120,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:56:29:56:52 | pathMod ... e(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8902,7 +11132,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8914,7 +11144,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path res write fs readFileSync /home/user/ path path startsWith /home/user/ res write fs readFileSync path path indexOf secret 1 res write fs readFileSync path fs existsSync path res write fs readFileSync path path foo.txt res write fs readFileSync path path foo.txt path bar.txt res write fs readFileSync path path foo.txt path bar.txt someOpaqueCondition res write fs readFileSync path path sanitize path res write fs readFileSync path path url parse req url true query path res write fs readFileSync pathModule basename path res write fs readFileSync pathModule dirname path res write fs readFileSync pathModule extname path res write fs readFileSync pathModule join path res write fs readFileSync pathModule join x y path z res write fs readFileSync pathModule normalize path res write fs readFileSync pathModule relative x path res write fs readFileSync pathModule relative path x res write fs readFileSync pathModule resolve path res write fs readFileSync pathModule resolve x y path z res write fs readFileSync pathModule toNamespacedPath path |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:60:29:60:61 | pathMod ... h(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | CalleeFlexibleAccessPath |  |
@@ -8926,7 +11156,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | contextSurroundingFunctionParameters | () |
 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | enclosingFunctionBody | templateUrl Cookie get unsafe |
 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | enclosingFunctionName | directive#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | receiverName |  |
 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8938,7 +11168,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:77:31:77:76 | require ... ).query | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8950,7 +11180,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:78:31:78:74 | require ... ).query | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8962,7 +11192,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionBody | req res res write fs readFileSync require querystringify parse req url query res write fs readFileSync require query-string parse req url query res write fs readFileSync require querystring parse req url query |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:79:31:79:73 | require ... ).query | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | CalleeFlexibleAccessPath | res.render |
@@ -8974,7 +11204,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | contextSurroundingFunctionParameters | ()\n(req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionBody | express require express application express views_local req res res render req 0 params 0 application get /views/* views_local views_imported require ./views application get /views/* views_imported |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | enclosingFunctionName |  |
-| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | receiverName | res |
 | autogenerated/TaintedPath/TaintedPath.js:87:48:87:60 | req.params[0] | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -8986,7 +11216,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:102:28:102:48 | fs.real ... c(path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | CalleeFlexibleAccessPath | fs.realpathSync |
@@ -8998,7 +11228,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | CalleeFlexibleAccessPath | fs.realpath |
@@ -9010,7 +11240,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | CalleeFlexibleAccessPath | fs.realpath |
@@ -9022,7 +11252,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9034,7 +11264,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | contextSurroundingFunctionParameters | (req, res)\n(err, realpath) |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync fs realpathSync path fs realpath path err realpath res write fs readFileSync realpath |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9046,7 +11276,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:119:29:119:32 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9058,7 +11288,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionBody | req res path url parse req url true query path path path path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  path path replace /\\.\\./g  res write fs readFileSync path |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:132:29:132:32 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | CalleeFlexibleAccessPath | import(!) |
@@ -9070,7 +11300,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionBody | req res path url parse req url true query path require send req path |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | receiverName |  |
 | autogenerated/TaintedPath/TaintedPath.js:138:23:138:26 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9082,7 +11312,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:144:19:144:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9094,7 +11324,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:148:19:148:33 | split.join("/") | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9106,7 +11336,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:150:19:150:50 | prefix  ... th - 1] | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9118,7 +11348,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:152:19:152:26 | split[x] | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9130,7 +11360,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:153:19:153:35 | prefix + split[x] | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9142,7 +11372,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:156:19:156:37 | concatted.join("/") | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9154,7 +11384,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:159:19:159:38 | concatted2.join("/") | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9166,7 +11396,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path split path split / fs readFileSync split join / fs readFileSync prefix split split length 1 fs readFileSync split x fs readFileSync prefix split x concatted prefix concat split fs readFileSync concatted join / concatted2 split concat prefix fs readFileSync concatted2 join / fs readFileSync split pop |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:161:19:161:29 | split.pop() | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9178,7 +11408,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:169:29:169:68 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9190,7 +11420,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:170:29:170:55 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9202,7 +11432,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:171:29:171:53 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9214,7 +11444,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:172:29:172:64 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9226,7 +11456,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:173:29:173:51 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9238,7 +11468,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:174:29:174:54 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9250,7 +11480,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:176:29:176:52 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9262,7 +11492,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:177:29:177:53 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9274,7 +11504,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:178:29:178:51 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9286,7 +11516,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:179:29:179:57 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9298,7 +11528,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:182:31:182:54 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9310,7 +11540,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:183:30:183:54 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9322,7 +11552,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:184:31:184:53 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9334,7 +11564,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:185:30:185:58 | path.re ... /g, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9346,7 +11576,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:189:29:189:95 | "prefix ... +/, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9358,7 +11588,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:190:29:190:94 | "prefix ... +/, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9370,7 +11600,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:191:29:191:90 | "prefix ... +/, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9382,7 +11612,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:192:29:192:90 | "prefix ... */, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9394,7 +11624,7 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9406,9 +11636,129 @@ tokenFeatures
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionBody | req res path url parse req url true query path res write fs readFileSync path replace /[\\]\\[*,;'"`<>\\\\?\\/]/g  res write fs readFileSync path replace /[abcd]/g  res write fs readFileSync path replace /[./]/g  res write fs readFileSync path replace /[foobar/foobar]/g  res write fs readFileSync path replace /\\//g  res write fs readFileSync path replace /\\.\|\\//g  res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  pathModule isAbsolute path res write fs readFileSync path replace /[.]/g  res write fs readFileSync path replace /[..]/g  res write fs readFileSync path replace /\\./g  res write fs readFileSync path replace /\\.\\.\|BLA/g  res write fs readFileSync prefix pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.[\\/\\\\])+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)+/  res write fs readFileSync prefix pathModule normalize path replace /(\\.\\.\\/)*/  res write fs readFileSync prefix path replace /^(\\.\\.[\\/\\\\])+/  res write fs readFileSync pathModule normalize path replace /^(\\.\\.[\\/\\\\])+/  |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | fileImports | ./views express fs http path query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | receiverName | fs |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | assignedToPropName |  |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | calleeImports | fs |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | receiverName | fs |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | assignedToPropName |  |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | calleeImports | fs |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | receiverName | fs |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | assignedToPropName |  |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | calleeImports | fs |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | receiverName | fs |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | CalleeFlexibleAccessPath | parseqs.decode |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | assignedToPropName |  |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | calleeImports | parseqs |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | enclosingFunctionBody | req res qs require qs res write fs readFileSync qs parse req url foo res write fs readFileSync qs parse normalizeUrl req url foo parseqs require parseqs res write fs readFileSync parseqs decode req url foo |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | receiverName | parseqs |
+| autogenerated/TaintedPath/TaintedPath.js:206:44:206:50 | req.url | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | CalleeFlexibleAccessPath | cp.execSync |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | InputAccessPathFromCallee | 1.cwd |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | receiverName |  |
+| autogenerated/TaintedPath/TaintedPath.js:212:31:212:34 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | InputAccessPathFromCallee | 2.cwd |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | InputArgumentIndex | 2 |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | receiverName |  |
+| autogenerated/TaintedPath/TaintedPath.js:213:45:213:48 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | CalleeFlexibleAccessPath | cp.execFileSync |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | InputAccessPathFromCallee | 1.cwd |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | calleeImports | child_process |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | contextFunctionInterfaces | views_local(req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | enclosingFunctionBody | req res path url parse req url true query path cp execSync foobar cwd path cp execFileSync foobar args cwd path cp execFileSync foobar cwd path |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | fileImports | ./views child_process express fs http normalize-url parseqs path qs query-string querystring querystringify sanitize-filename send url |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | receiverName |  |
+| autogenerated/TaintedPath/TaintedPath.js:214:35:214:38 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | CalleeFlexibleAccessPath | req.files.foo.mv |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | assignedToPropName |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | calleeImports |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | enclosingFunctionBody | req res req files foo mv req query bar |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | fileImports | express express-fileupload |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | receiverName |  |
+| autogenerated/TaintedPath/express.js:8:20:8:32 | req.query.bar | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | assignedToPropName |  |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | contextSurroundingFunctionParameters | ()\n(filePath) |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | receiverName | fs |
+| autogenerated/TaintedPath/handlebars.js:11:32:11:39 | filePath | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | assignedToPropName |  |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | calleeImports | fs |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | contextFunctionInterfaces | catFile(filePath)\ninit()\nprependToLines(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | contextSurroundingFunctionParameters | ()\n(prefix, filePath) |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | enclosingFunctionBody | hb registerHelper catFile catFile filePath fs readFileSync filePath hb registerHelper prependToLines prependToLines prefix filePath fs readFileSync filePath split \n map line prefix line join \n data compiledFileAccess hb compile contents of file {{path}} are: {{catFile path}} data compiledBenign hb compile hello, {{name}} data compiledUnknown hb compile fs readFileSync greeting.template data compiledMixed hb compile helpers may have several args, like here: {{prependToLines prefix path}} |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | enclosingFunctionName | init |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | fileImports | express fs handlebars |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | receiverName | fs |
+| autogenerated/TaintedPath/handlebars.js:15:25:15:32 | filePath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | InputAccessPathFromCallee |  |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | InputArgumentIndex | 0 |
@@ -9418,7 +11768,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:13:19:13:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9430,7 +11780,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:14:19:14:29 | './' + path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9442,7 +11792,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:15:19:15:38 | path + '/index.html' | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9454,7 +11804,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:16:19:16:53 | pathMod ... .html') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9466,7 +11816,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:17:19:17:57 | pathMod ... , path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9478,7 +11828,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:23:19:23:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9490,7 +11840,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:24:19:24:29 | './' + path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9502,7 +11852,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:25:19:25:38 | path + '/index.html' | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9514,7 +11864,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:26:19:26:53 | pathMod ... .html') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9526,7 +11876,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionBody | req res path pathModule normalize req query path fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html fs readFileSync pathModule join path index.html fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:27:19:27:57 | pathMod ... , path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9538,7 +11888,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:36:19:36:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9550,7 +11900,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:39:21:39:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9562,7 +11912,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:41:21:41:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9574,7 +11924,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:44:21:44:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9586,7 +11936,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:47:21:47:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | CalleeFlexibleAccessPath | path.startsWith |
@@ -9598,7 +11948,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9610,7 +11960,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path fs readFileSync path path startsWith . fs readFileSync path fs readFileSync path path startsWith .. fs readFileSync path path startsWith ../ fs readFileSync path path startsWith .. pathModule sep fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9622,7 +11972,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:59:19:59:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9634,7 +11984,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:61:19:61:29 | "./" + path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9646,7 +11996,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:63:19:63:38 | path + "/index.html" | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9658,7 +12008,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:66:21:66:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9670,7 +12020,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync ./ path fs readFileSync path /index.html pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:68:21:68:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9682,7 +12032,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:76:21:76:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9694,7 +12044,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionBody | req res path pathModule normalize ./ req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:78:22:78:25 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9706,7 +12056,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:87:29:87:32 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9718,7 +12068,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:90:31:90:34 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9730,7 +12080,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:99:29:99:32 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9742,7 +12092,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path res write fs readFileSync path path startsWith /home/user/www res write fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:102:31:102:34 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9754,7 +12104,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:110:21:110:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9766,7 +12116,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path startsWith /home/user/www fs readFileSync path path 0 0 / path 0 0 . fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:113:21:113:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | CalleeFlexibleAccessPath | fs.realpathSync |
@@ -9778,7 +12128,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9790,7 +12140,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9802,7 +12152,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:120:19:120:53 | pathMod ... .html') | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9814,7 +12164,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:123:21:123:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9826,7 +12176,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:125:19:125:44 | pathMod ... , path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9838,7 +12188,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionBody | req res path fs realpathSync req query path fs readFileSync path fs readFileSync pathModule join path index.html path startsWith /home/user/www fs readFileSync path fs readFileSync pathModule join . path fs readFileSync pathModule join /home/user/www path |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:126:19:126:57 | pathMod ... , path) | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9850,7 +12200,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:133:21:133:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9862,7 +12212,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionBody | req res path pathModule join . req query path path startsWith .. fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:135:21:135:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9874,7 +12224,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:142:21:142:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9886,7 +12236,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionBody | req res path pathModule join /home/user/www req query path path startsWith /home/user/www fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:144:21:144:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9898,7 +12248,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:151:21:151:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9910,7 +12260,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:153:21:153:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9922,7 +12272,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionBody | req res path foo/ pathModule normalize req query path path startsWith .. fs readFileSync path fs readFileSync path path includes .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:156:21:156:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9934,7 +12284,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:165:19:165:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9946,7 +12296,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:168:21:168:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9958,7 +12308,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path path includes .. fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:170:21:170:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9970,7 +12320,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:184:19:184:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9982,7 +12332,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:187:21:187:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -9994,7 +12344,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:189:21:189:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10006,7 +12356,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:192:21:192:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10018,7 +12368,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:194:21:194:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10030,7 +12380,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:197:21:197:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10042,7 +12392,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:199:21:199:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10054,7 +12404,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:203:21:203:34 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10066,7 +12416,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:205:21:205:34 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10078,7 +12428,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:208:21:208:34 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10090,7 +12440,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionBody | req res path req query path pathModule isAbsolute path path path path startsWith / path path path startsWith /x path path path startsWith . path path fs readFileSync path pathModule isAbsolute path fs readFileSync path fs readFileSync path path includes .. fs readFileSync path fs readFileSync path path includes .. pathModule isAbsolute path fs readFileSync path fs readFileSync path normalizedPath pathModule normalize path normalizedPath startsWith /home/user/www fs readFileSync normalizedPath fs readFileSync normalizedPath normalizedPath startsWith /home/user/www normalizedPath startsWith /home/user/public fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:210:21:210:34 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10102,7 +12452,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:217:21:217:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10114,7 +12464,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path pathModule isAbsolute path path startsWith .. fs readFileSync path path decodeURIComponent path pathModule isAbsolute path path startsWith .. fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:222:21:222:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10126,7 +12476,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:228:21:228:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10138,7 +12488,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionBody | req res path pathModule normalize req query path replace /%20/g   pathModule isAbsolute path fs readFileSync path path path replace /\\.\\./g  fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:231:21:231:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10150,7 +12500,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:238:19:238:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | CalleeFlexibleAccessPath | path.substring |
@@ -10162,7 +12512,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10174,7 +12524,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10186,7 +12536,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:245:21:245:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | CalleeFlexibleAccessPath | path.slice |
@@ -10198,7 +12548,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | receiverName | path |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10210,7 +12560,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10222,7 +12572,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something path substring 0 self dir length self dir fs readFileSync path fs readFileSync path path slice 0 self dir length self dir fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:250:21:250:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10234,7 +12584,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:256:19:256:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | CalleeFlexibleAccessPath | relative.startsWith |
@@ -10246,7 +12596,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | receiverName | relative |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10258,7 +12608,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10270,7 +12620,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:264:21:264:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | CalleeFlexibleAccessPath | relativePath.indexOf |
@@ -10282,7 +12632,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | receiverName | relativePath |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10294,7 +12644,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10306,7 +12656,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:272:21:272:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10318,7 +12668,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:278:21:278:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10330,7 +12680,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:280:21:280:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10342,7 +12692,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:286:21:286:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10354,7 +12704,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:288:21:288:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10366,7 +12716,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:294:21:294:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10378,7 +12728,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path self something relative pathModule relative self webroot path relative startsWith .. pathModule sep relative .. fs readFileSync path fs readFileSync path newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf .. pathModule sep 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ 0 fs readFileSync newpath fs readFileSync newpath newpath pathModule normalize path relativePath pathModule relative pathModule normalize workspaceDir newpath pathModule normalize relativePath indexOf ../ fs readFileSync newpath fs readFileSync newpath |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:296:21:296:27 | newpath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10390,7 +12740,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:304:18:304:21 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10402,7 +12752,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:306:19:306:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10414,7 +12764,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:309:19:309:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10426,7 +12776,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:313:19:313:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10438,7 +12788,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:316:19:316:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10450,7 +12800,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:322:19:322:32 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10462,7 +12812,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:325:19:325:32 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10474,7 +12824,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:329:19:329:32 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10486,7 +12836,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionBody | req res path req query path fs readFileSync path isPathInside path SAFE fs readFileSync path fs readFileSync path pathIsInside path SAFE fs readFileSync path fs readFileSync path normalizedPath pathModule join SAFE path pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath pathIsInside normalizedPath SAFE fs readFileSync normalizedPath fs readFileSync normalizedPath |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:332:19:332:32 | normalizedPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10498,7 +12848,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:341:18:341:21 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | CalleeFlexibleAccessPath | abs.indexOf |
@@ -10510,7 +12860,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | receiverName | abs |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10522,7 +12872,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10534,7 +12884,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionBody | req res path pathModule resolve req query path fs readFileSync path abs pathModule resolve path abs indexOf root 0 fs readFileSync path fs readFileSync path |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:349:18:349:21 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10546,7 +12896,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:356:19:356:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | CalleeFlexibleAccessPath | allowPath |
@@ -10558,7 +12908,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | receiverName |  |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | CalleeFlexibleAccessPath | allowPath |
@@ -10570,7 +12920,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | receiverName |  |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10582,7 +12932,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10594,7 +12944,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:366:21:366:31 | requestPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10606,7 +12956,7 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | receiverName | fs |
 | autogenerated/TaintedPath/normalizedPaths.js:368:19:368:28 | targetPath | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | CalleeFlexibleAccessPath | requestPath.indexOf |
@@ -10618,9 +12968,165 @@ tokenFeatures
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | contextSurroundingFunctionParameters | (requestPath, rootPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionBody | req res path req query path fs readFileSync path requestPath pathModule join rootPath path targetPath allowPath requestPath rootPath targetPath rootPath fs readFileSync requestPath targetPath requestPath fs readFileSync requestPath fs readFileSync targetPath allowPath requestPath rootPath requestPath indexOf rootPath 0 |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename url |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | receiverName | requestPath |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync slash path |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:379:19:379:22 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | enclosingFunctionBody | req res path req query path fs readFileSync path fs readFileSync slash path |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:388:19:388:22 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:389:19:389:22 | /\\./ | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:390:21:390:24 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:392:19:392:24 | /\\.\\./ | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:393:21:393:24 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:395:19:395:26 | /\\.\\.\\// | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:396:21:396:24 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:398:19:398:29 | /\\.\\.\\/foo/ | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:399:21:399:24 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | CalleeFlexibleAccessPath | path.match |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | calleeImports | path |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | receiverName | path |
+| autogenerated/TaintedPath/normalizedPaths.js:401:19:401:35 | /(\\.\\.\\/\|\\.\\.\\\\)/ | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | calleeImports | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | contextFunctionInterfaces | allowPath(requestPath, rootPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | enclosingFunctionBody | req res path pathModule normalize req query x pathModule isAbsolute path fs readFileSync path path match /\\./ fs readFileSync path path match /\\.\\./ fs readFileSync path path match /\\.\\.\\// fs readFileSync path path match /\\.\\.\\/foo/ fs readFileSync path path match /(\\.\\.\\/\|\\.\\.\\\\)/ fs readFileSync path |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | fileImports | express fs is-path-inside path path-is-inside sanitize-filename slash url |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | receiverName | fs |
+| autogenerated/TaintedPath/normalizedPaths.js:402:21:402:24 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | InputAccessPathFromCallee |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | InputArgumentIndex | 0 |
@@ -10630,7 +13136,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | CalleeFlexibleAccessPath | gracefulFs.readFileSync |
@@ -10642,7 +13148,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | receiverName | gracefulFs |
 | autogenerated/TaintedPath/other-fs-libraries.js:12:27:12:30 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | CalleeFlexibleAccessPath | fsExtra.readFileSync |
@@ -10654,7 +13160,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | receiverName | fsExtra |
 | autogenerated/TaintedPath/other-fs-libraries.js:13:24:13:27 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | CalleeFlexibleAccessPath | originalFs.readFileSync |
@@ -10666,7 +13172,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | receiverName | originalFs |
 | autogenerated/TaintedPath/other-fs-libraries.js:14:27:14:30 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync |
@@ -10678,7 +13184,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:16:34:16:37 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | CalleeFlexibleAccessPath | getFsModule().readFileSync |
@@ -10690,7 +13196,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:17:35:17:38 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | CalleeFlexibleAccessPath | import("p").require().readFileSync |
@@ -10702,7 +13208,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:19:56:19:59 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | CalleeFlexibleAccessPath | require |
@@ -10714,7 +13220,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:21:36:23:10 | process ...  : "fs" | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | CalleeFlexibleAccessPath | flexibleModuleName.readFileSync |
@@ -10726,7 +13232,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path gracefulFs readFileSync path fsExtra readFileSync path originalFs readFileSync path getFsModule true readFileSync path getFsModule false readFileSync path require ./my-fs-module require true readFileSync path flexibleModuleName require process electron versions electron original-fs fs flexibleModuleName readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | receiverName | flexibleModuleName |
 | autogenerated/TaintedPath/other-fs-libraries.js:24:35:24:38 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | CalleeFlexibleAccessPath | util.promisify() |
@@ -10738,7 +13244,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:40:35:40:38 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | CalleeFlexibleAccessPath | import(!).promisify() |
@@ -10750,7 +13256,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:41:50:41:53 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | CalleeFlexibleAccessPath | import(!).promisifyAll().readFileSync |
@@ -10762,7 +13268,7 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionBody | req res path url parse req url true query path util promisify fs readFileSync path require bluebird promisify fs readFileSync path require bluebird promisifyAll fs readFileSync path |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | receiverName |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:53:42:56 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10772,9 +13278,9 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | calleeImports | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:19:51:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | CalleeFlexibleAccessPath | asyncFS.readFileSync |
@@ -10784,11 +13290,143 @@ tokenFeatures
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | calleeImports | ./my-async-fs-module |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextFunctionInterfaces | getFsModule(special) |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | contextSurroundingFunctionParameters | (req, res) |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http original-fs url util |
+| autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | receiverName | asyncFS |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:24:52:27 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | CalleeFlexibleAccessPath | import(!)() |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | calleeImports | pify |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:36:54:39 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | CalleeFlexibleAccessPath | import(!)().readFileSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | calleeImports | pify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:36:55:39 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | CalleeFlexibleAccessPath | import(!)() |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | calleeImports | util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:46:57:49 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | CalleeFlexibleAccessPath | import(!)() |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | calleeImports | thenify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:39:59:42 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | CalleeFlexibleAccessPath | readPkg.readPackageSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | InputAccessPathFromCallee | 0.cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | calleeImports | read-pkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:43:62:46 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | CalleeFlexibleAccessPath | readPkg.readPackageAsync |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | InputAccessPathFromCallee | 0.cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | assignedToPropName | cwd |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | calleeImports | read-pkg |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path asyncFS readFileSync path require pify fs readFileSync path require pify fs readFileSync path require util.promisify fs readFileSync path require thenify fs readFileSync path readPkg require read-pkg pkg readPkg readPackageSync cwd path pkgPromise readPkg readPackageAsync cwd path |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:51:63:54 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | CalleeFlexibleAccessPath | fs.readFileSync |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | calleeImports | fs |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | receiverName | fs |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:19:70:22 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | CalleeFlexibleAccessPath | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | calleeImports | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | receiverName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:10:71:13 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | CalleeFlexibleAccessPath | mkdirp.sync |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | calleeImports | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | contextFunctionInterfaces | getFsModule(special) |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path mkdirp path mkdirp sync path |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | fileImports | ./my-async-fs-module ./my-fs-module bluebird fs fs-extra graceful-fs http mkdirp original-fs pify read-pkg thenify url util util.promisify |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | receiverName | mkdirp |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:15:72:18 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | CalleeFlexibleAccessPath | prettier.resolveConfig |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | assignedToPropName |  |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | receiverName | prettier |
+| autogenerated/TaintedPath/prettier.js:7:28:7:28 | p | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | CalleeFlexibleAccessPath | prettier.resolveConfig |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | InputAccessPathFromCallee | 1.config |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | InputArgumentIndex | 1 |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | assignedToPropName | config |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | calleeImports | prettier |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | enclosingFunctionBody | req res p req params prettier resolveConfig p then options formatted prettier format foo options prettier resolveConfig foo config p then options formatted prettier format bar options |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | fileImports | express prettier |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | receiverName |  |
+| autogenerated/TaintedPath/prettier.js:11:44:11:44 | p | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | CalleeFlexibleAccessPath | page.pdf |
 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | InputAccessPathFromCallee | 0.path |
 | autogenerated/TaintedPath/pupeteer.js:9:28:9:34 | tainted | InputArgumentIndex | 0 |
@@ -10822,7 +13460,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:8:19:8:22 | path | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10834,7 +13472,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:12:19:12:25 | obj.sub | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10846,7 +13484,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:16:19:16:25 | obj.sub | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10858,7 +13496,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:20:21:20:28 | obj.sub2 | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10870,7 +13508,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:26:19:26:26 | obj.sub3 | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10882,7 +13520,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:29:21:29:28 | obj.sub4 | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10894,7 +13532,7 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:30:23:30:30 | obj.sub4 | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | CalleeFlexibleAccessPath | fs.readFileSync |
@@ -10906,9 +13544,45 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionBody | req res path url parse req url true query path fs readFileSync path obj bla something path fs readFileSync obj sub obj sub safe fs readFileSync obj sub obj sub2 safe random fs readFileSync obj sub2 random obj sub3 safe fs readFileSync obj sub3 obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 fs readFileSync obj sub4 |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | enclosingFunctionName | http.createServer#functionalargument |
-| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | fileImports | fs http url |
+| autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | fileImports | chownr fs http node:fs url |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | receiverName | fs |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:23:31:30 | obj.sub4 | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | CalleeFlexibleAccessPath | nodefs.readFileSync |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | calleeImports | node:fs |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | enclosingFunctionBody | req res path url parse req url true query path nodefs readFileSync path |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | receiverName | nodefs |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:23:40:26 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | CalleeFlexibleAccessPath | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | assignedToPropName |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | calleeImports | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | receiverName |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:10:49:13 | path | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | CalleeFlexibleAccessPath | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | InputArgumentIndex | 3 |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | assignedToPropName |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | calleeImports | chownr |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | contextSurroundingFunctionParameters | (req, res)\n(err) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | enclosingFunctionBody | req res path url parse req url true query path chownr path someuid somegid err |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | enclosingFunctionName | http.createServer#functionalargument |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | fileImports | chownr fs http node:fs url |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | receiverName |  |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:38:49:54 | function (err) {} | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | CalleeFlexibleAccessPath | fs.readFileSync |
 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | InputAccessPathFromCallee |  |
 | autogenerated/TaintedPath/tainted-array-steps.js:10:29:10:54 | ['publi ... in('/') | InputArgumentIndex | 0 |
@@ -10942,9 +13616,33 @@ tokenFeatures
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | contextSurroundingFunctionParameters | (req, res) |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionBody | req res m require req param module |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | enclosingFunctionName | app.get#functionalargument |
-| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | fileImports | express |
+| autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | fileImports | express resolve |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | receiverName |  |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | CalleeFlexibleAccessPath | resolve.sync |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | assignedToPropName |  |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | receiverName | resolve |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") | stringConcatenatedWith |  |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | CalleeFlexibleAccessPath | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | InputAccessPathFromCallee |  |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | InputArgumentIndex | 0 |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | assignedToPropName |  |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | calleeImports | resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | contextFunctionInterfaces |  |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | contextSurroundingFunctionParameters | (req, res) |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | enclosingFunctionBody | req res module resolve sync req param module resolve req param module basedir __dirname err res module res |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | enclosingFunctionName | app.get#functionalargument |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | fileImports | express resolve |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | receiverName |  |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") | stringConcatenatedWith |  |
 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | CalleeFlexibleAccessPath | res.sendFile |
 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | InputAccessPathFromCallee |  |
 | autogenerated/TaintedPath/tainted-sendFile.js:8:16:8:33 | req.param("gimme") | InputArgumentIndex | 0 |
@@ -11514,7 +14212,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | contextSurroundingFunctionParameters | (event) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionBody | event document write event data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:2:20:2:29 | event.data | enclosingFunctionName | addEventListener#functionalargument |
@@ -11526,7 +14224,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | contextSurroundingFunctionParameters | (?) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionBody | data document write data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:6:20:6:23 | data | enclosingFunctionName | addEventListener#functionalargument |
@@ -11538,9 +14236,9 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:11:24:11:29 | x.data | receiverName | document |
@@ -11550,9 +14248,9 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:12:24:12:33 | event.data | receiverName | document |
@@ -11562,13 +14260,49 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextFunctionInterfaces | foo(x, event, y)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | contextSurroundingFunctionParameters | (x, event, y) |
-| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | fileImports |  |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | receiverName | document |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:24:13:29 | y.data | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | CalleeFlexibleAccessPath | document.write |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | receiverName | document |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:24:22:29 | e.data | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | CalleeFlexibleAccessPath | mySet.includes |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | receiverName | mySet |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:28:26:35 | e.origin | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | CalleeFlexibleAccessPath | document.write |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | contextFunctionInterfaces | foo(x, event, y)\nonmessage(e)\nonmessage(e)\ntest() |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | enclosingFunctionBody | foo x event y document write x data document write event data document write y data window addEventListener message foo bind null data items window onmessage e e origin https://foobar.com document write e data window onmessage e mySet includes e origin document write e data |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | fileImports |  |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | receiverName | document |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:28:27:33 | e.data | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | CalleeFlexibleAccessPath | this.sanitizer.bypassSecurityTrustHtml |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | InputAccessPathFromCallee |  |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | InputArgumentIndex | 0 |
@@ -11744,7 +14478,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:7:31:7:84 | `<span  ... <span>` | receiverName |  |
@@ -11756,7 +14490,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:8:31:8:85 | `<span  ... <span>` | receiverName |  |
@@ -11768,7 +14502,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:9:31:9:85 | `<span  ... <span>` | receiverName |  |
@@ -11780,7 +14514,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:11:31:11:79 | `<span  ... <span>` | receiverName |  |
@@ -11792,7 +14526,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:13:31:13:83 | `<span  ... <span>` | receiverName |  |
@@ -11804,7 +14538,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:31:14:77 | `<span  ... <span>` | receiverName |  |
@@ -11816,11 +14550,155 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | contextFunctionInterfaces | main() |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | enclosingFunctionName | main |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:31:15:78 | `<span  ... <span>` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | enclosingFunctionBody | document body innerHTML <span class=" classNames window name ">Hello<span> document body innerHTML <span class=" classNamesD window name ">Hello<span> document body innerHTML <span class=" classNamesB window name ">Hello<span> unsafeStyle classNames bind foo window name document body innerHTML <span class=" unsafeStyle foo ">Hello<span> safeStyle classNames bind document body innerHTML <span class=" safeStyle window name ">Hello<span> document body innerHTML <span class=" safeStyle foo ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> document body innerHTML <span class=" clsx window name ">Hello<span> |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | fileImports | classnames classnames/bind classnames/dedupe clsx |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | CalleeFlexibleAccessPath | $().on |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | enclosingFunctionBody |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:23:1:27 | paste | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | enclosingFunctionBody | e clipboardData e originalEvent clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | enclosingFunctionName | paste |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:15:25:15:28 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | enclosingFunctionBody | el HTMLElement el addEventListener paste e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | enclosingFunctionBody | e $ #id html e clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | CalleeFlexibleAccessPath | $().bind |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | enclosingFunctionBody |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:25:34:1 | (e) =>  ... OT OK\\n} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | enclosingFunctionBody | e $ #id html e originalEvent clipboardData getData text/html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | enclosingFunctionBody | div document createElement div div onpaste e ClipboardEvent clipboardData e clipboardData text clipboardData getData text/plain html clipboardData getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:50:29:50:32 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:73:29:73:39 | droppedHtml | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | CalleeFlexibleAccessPath | ?.test |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | enclosingFunctionBody | e ClipboardEvent Promise Array File dropItems Set File e clipboardData files length 0 i 0 i e clipboardData files length i file e clipboardData files i e clipboardData types includes text/html droppedHtml e clipboardData getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e clipboardData types includes text/plain plainText e clipboardData getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | enclosingFunctionName | getClipboardData |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:32:82:40 | plainText | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | contextFunctionInterfaces | getClipboardData(e)\ninstall(el)\nonpaste(e)\npaste(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | enclosingFunctionBody | div document createElement div div addEventListener beforeinput e InputEvent data inputType isComposing dataTransfer e dataTransfer html dataTransfer getData text/html $ #id html html |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | receiverName |  |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:23:99:26 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | contextFunctionInterfaces | constructor(args)\ntest() |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | enclosingFunctionBody | innerHTML window name |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | fileImports | dummy |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | receiverName |  |
+| autogenerated/Xss/DomBasedXss/custom-element.js:5:26:5:36 | window.name | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | CalleeFlexibleAccessPath | d3.select().attr().style().html |
 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | InputAccessPathFromCallee |  |
 | autogenerated/Xss/DomBasedXss/d3.js:11:15:11:24 | getTaint() | InputArgumentIndex | 0 |
@@ -11898,11 +14776,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:11:31:11:70 | `Time i ... aint)}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
@@ -11910,11 +14788,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:12:31:12:73 | `Time i ... aint)}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | CalleeFlexibleAccessPath |  |
@@ -11922,11 +14800,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:13:31:13:72 | `Time i ... time)}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | CalleeFlexibleAccessPath |  |
@@ -11934,11 +14812,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:14:31:14:70 | `Time i ... time)}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
@@ -11946,11 +14824,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:15:31:15:72 | `Time i ... aint)}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
@@ -11958,11 +14836,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:16:31:16:69 | `Time i ... aint)}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | CalleeFlexibleAccessPath |  |
@@ -11970,11 +14848,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:17:31:17:65 | `Time i ... mat()}` | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
@@ -11982,13 +14860,253 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextFunctionInterfaces | main() |
+| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint |
+| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | enclosingFunctionName | main |
-| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | fileImports | date-fns date-fns/esm date-fns/fp dateformat moment |
+| autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | receiverName |  |
 | autogenerated/Xss/DomBasedXss/dates.js:18:31:18:66 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | enclosingFunctionBody | time Date taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  dateFns format time taint document body innerHTML Time is  dateFnsEsm format time taint document body innerHTML Time is  dateFnsFp format taint time document body innerHTML Time is  dateFns format taint time document body innerHTML Time is  dateFnsFp format time taint document body innerHTML Time is  moment time format taint document body innerHTML Time is  moment taint format document body innerHTML Time is  dateformat time taint dayjs dayjs document body innerHTML Time is  dayjs time format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | enclosingFunctionName | main |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:21:31:21:68 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:37:31:37:84 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:38:31:38:84 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:39:31:39:86 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 dateFns DateFnsAdapter luxon LuxonAdapter moment MomentAdapter dayjs DayJSAdapter document body innerHTML Time is  dateFns formatByString Date taint document body innerHTML Time is  luxon formatByString luxon date taint document body innerHTML Time is  moment formatByString moment date taint document body innerHTML Time is  dayjs formatByString dayjs date taint |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | enclosingFunctionName | dateio |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:40:31:40:84 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:48:31:48:90 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:49:31:49:89 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 document body innerHTML Time is  DateTime now plus years 1 toFormat taint document body innerHTML Time is  DateTime setLocale fr toFormat taint document body innerHTML Time is  DateTime fromISO 2020-01-01 startOf day toFormat taint |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | enclosingFunctionName | luxon |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:50:31:50:104 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:57:31:57:101 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:59:31:59:87 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | contextFunctionInterfaces | dateio()\ndateio2()\nluxon()\nmain() |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | enclosingFunctionBody | taint decodeURIComponent window location hash substring 1 moment MomentAdapter document body innerHTML Time is  moment addDays moment date 2020-06-21 1 format taint luxon LuxonAdapter document body innerHTML Time is  luxon endOfDay luxon date toFormat taint dayjs DayJSAdapter document body innerHTML Time is  dayjs setHours dayjs date 4 format taint |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | enclosingFunctionName | dateio2 |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | fileImports | @date-io/date-fns @date-io/dayjs @date-io/luxon @date-io/moment date-fns date-fns/esm date-fns/fp dateformat dayjs luxon moment |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dates.js:61:31:61:88 | `Time i ... aint)}` | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | CalleeFlexibleAccessPath | $().on |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | enclosingFunctionBody |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:22:1:25 | drop | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | enclosingFunctionBody | e dataTransfer e originalEvent dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | enclosingFunctionName | drop |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:15:25:15:28 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | contextSurroundingFunctionParameters | (el)\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | enclosingFunctionBody | el HTMLElement el addEventListener drop e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | enclosingFunctionName | install |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | enclosingFunctionBody | e $ #id html e dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | enclosingFunctionName | document.addEventListener#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | CalleeFlexibleAccessPath | $().bind |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | enclosingFunctionBody |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:24:34:1 | (e) =>  ... OT OK\\n} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | enclosingFunctionBody | e $ #id html e originalEvent dataTransfer getData text/html |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | enclosingFunctionName | bind#functionalargument |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | contextSurroundingFunctionParameters | ()\n(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | enclosingFunctionBody | div document createElement div div ondrop e DragEvent dataTransfer e dataTransfer text dataTransfer getData text/plain html dataTransfer getData text/html text html e preventDefault div document createElement div html div innerHTML html div textContent text document body append div |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:50:29:50:32 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:73:29:73:39 | droppedHtml | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | CalleeFlexibleAccessPath | ?.test |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | contextFunctionInterfaces | drop(e)\ngetDropData(e)\ninstall(el)\nondrop(e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | contextSurroundingFunctionParameters | (e) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | enclosingFunctionBody | e DragEvent Promise Array File dropItems Set File e dataTransfer files length 0 i 0 i e dataTransfer files length i file e dataTransfer files i e dataTransfer types includes text/html droppedHtml e dataTransfer getData text/html container document createElement html container innerHTML droppedHtml imgs container getElementsByTagName img imgs length 1 src imgs 0 0 src dropItems add src e dataTransfer types includes text/plain plainText e dataTransfer getData text/plain /^https?:\\/\\//i test plainText dropItems add plainText imageItems Array from dropItems imageItems |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | enclosingFunctionName | getDropData |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | fileImports |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | receiverName |  |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:32:82:40 | plainText | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | CalleeFlexibleAccessPath | $ |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | InputAccessPathFromCallee |  |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:5:3:57 | '<a hre ... ck</a>' | InputArgumentIndex | 0 |
@@ -12032,7 +15150,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:4:5:4:11 | tainted | receiverName |  |
@@ -12044,7 +15162,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | receiverName |  |
@@ -12056,7 +15174,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | receiverName |  |
@@ -12068,7 +15186,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | receiverName |  |
@@ -12080,7 +15198,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:8:18:8:34 | "XSS: " + tainted | receiverName |  |
@@ -12092,7 +15210,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:9:5:9:24 | window.location.hash | receiverName |  |
@@ -12104,7 +15222,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:10:5:10:40 | "<b>" + ...  "</b>" | receiverName |  |
@@ -12116,7 +15234,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:14:19:14:58 | decodeU ... n.hash) | receiverName |  |
@@ -12128,7 +15246,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) | receiverName |  |
@@ -12140,11 +15258,167 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | calleeImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextFunctionInterfaces | test() |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString |
+| autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | enclosingFunctionName | test |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | fileImports |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:5:19:8 | hash | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:5:32:17 | hash + 'blah' | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:5:33:17 | 'blah' + hash | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | contextFunctionInterfaces | test() |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | enclosingFunctionBody | tainted document location search $ tainted $ body tainted $ . tainted $ <div id=" tainted "> $ body html XSS:  tainted $ window location hash $ <b> location toString </b> elm document getElementById x elm innerHTML decodeURIComponent window location hash elm innerHTML decodeURIComponent window location search elm innerHTML decodeURIComponent window location toString hash window location hash $ hash $ hash substring 1 $ hash substring 1 10 $ hash substr 1 $ hash slice 1 $ hash substring 0 10 $ hash replace #  $ window location search replace ?  $ hash replace !  $ hash replace blah  $ hash blah $ blah hash $ <b> hash </b> |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | enclosingFunctionName | test |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | receiverName |  |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:5:34:25 | '<b>' + ...  '</b>' | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | CalleeFlexibleAccessPath | JSDOM |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | InputAccessPathFromCallee |  |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | InputArgumentIndex | 0 |
@@ -12961,6 +16235,30 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | fileImports |  |
 | autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | receiverName |  |
 | autogenerated/Xss/DomBasedXss/translate.js:11:29:11:63 | transla ... term')] | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | contextSurroundingFunctionParameters | ()\n(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | receiverName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | contextFunctionInterfaces | createHTML(x)\ncreateHTML(x)\ncreateHTML(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | contextSurroundingFunctionParameters | ()\n(x) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | enclosingFunctionBody | policy1 trustedTypes createPolicy x createHTML x x policy1 createHTML window name policy2 trustedTypes createPolicy x createHTML x safe policy2 createHTML window name policy3 trustedTypes createPolicy x createHTML x x policy3 createHTML safe |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | fileImports |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | receiverName |  |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | CalleeFlexibleAccessPath | foo.setAttribute |
 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | InputAccessPathFromCallee |  |
 | autogenerated/Xss/DomBasedXss/tst3.js:4:25:4:32 | data.src | InputArgumentIndex | 1 |
@@ -13026,11 +16324,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:5:18:5:23 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | CalleeFlexibleAccessPath | document.write |
@@ -13038,11 +16336,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:8:18:8:126 | "<OPTIO ... PTION>" | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | CalleeFlexibleAccessPath | document.location.href.substring |
@@ -13050,11 +16348,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
@@ -13062,11 +16360,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
@@ -13074,11 +16372,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:14:5:14:43 | '<div s ...  'px">' | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | CalleeFlexibleAccessPath | $ |
@@ -13086,11 +16384,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:15:5:15:52 | '<div s ...  'px">' | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | CalleeFlexibleAccessPath | $().html |
@@ -13098,11 +16396,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:18:18:18:35 | params.get('name') | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | CalleeFlexibleAccessPath | $().html |
@@ -13110,11 +16408,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionBody | target document location search $ myId html target document write <OPTION value=1> document location href substring document location href indexOf default= 8 </OPTION> document write <OPTION value=2>English</OPTION> $ <div style="width: target px"> $ <div style="width: target px"> $ <div style="width: parseInt target px"> params URL document location searchParams $ name html params get name searchParams URLSearchParams target substring 1 $ name html searchParams get name |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:21:18:21:41 | searchP ... 'name') | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | CalleeFlexibleAccessPath | $().html |
@@ -13122,11 +16420,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | contextSurroundingFunctionParameters | (target) |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionBody | target $ myId html target |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | enclosingFunctionName | foo |
-| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:26:18:26:23 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | CalleeFlexibleAccessPath | $().html |
@@ -13134,11 +16432,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:34:16:34:20 | bar() | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | CalleeFlexibleAccessPath | $().html |
@@ -13146,11 +16444,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:16:40:44 | baz(doc ... search) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | CalleeFlexibleAccessPath | baz |
@@ -13158,11 +16456,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | CalleeFlexibleAccessPath | $().html |
@@ -13170,11 +16468,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html |
@@ -13182,11 +16480,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:54:16:54:45 | chop(do ... search) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | CalleeFlexibleAccessPath | $().html |
@@ -13194,11 +16492,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:56:16:56:45 | chop(do ... search) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | CalleeFlexibleAccessPath | $().html |
@@ -13206,11 +16504,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:58:16:58:32 | wrap(chop(bar())) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | CalleeFlexibleAccessPath | $().html |
@@ -13218,11 +16516,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionBody | s $ myId html s |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | enclosingFunctionName | dangerouslySetInnerHtml |
-| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:62:18:62:18 | s | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | CalleeFlexibleAccessPath | $().html |
@@ -13230,11 +16528,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:68:16:68:20 | bar() | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | CalleeFlexibleAccessPath | $().html |
@@ -13242,11 +16540,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | contextSurroundingFunctionParameters | (x) |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionBody | x x $ myId html x |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | enclosingFunctionName | forEach#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:73:20:73:20 | x | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | CalleeFlexibleAccessPath |  |
@@ -13254,11 +16552,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | assignedToPropName | __html |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:77:49:77:72 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsHtml |
@@ -13266,11 +16564,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:81:26:81:49 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAsCss |
@@ -13278,11 +16576,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:82:25:82:48 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs |
@@ -13290,11 +16588,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:84:33:84:56 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | CalleeFlexibleAccessPath | $sce.trustAs |
@@ -13302,11 +16600,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | contextSurroundingFunctionParameters | ($sce, $other) |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionBody | $sce $other $sce trustAsHtml document location search $sce trustAsCss document location search $sce trustAsUNKNOWN document location search $sce trustAs $sce HTML document location search $sce trustAs $sce CSS document location search $sce trustAs UNKNOWN document location search $other trustAsHtml document location search |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | receiverName | $sce |
 | autogenerated/Xss/DomBasedXss/tst.js:85:32:85:55 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | CalleeFlexibleAccessPath | angular.element().html |
@@ -13314,11 +16612,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionBody | angular element <div> html document location search angular element <div> html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:90:39:90:62 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | CalleeFlexibleAccessPath | element.html |
@@ -13326,11 +16624,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | contextSurroundingFunctionParameters | ()\n(scope, element) |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionBody | link scope element element html document location search element html SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | enclosingFunctionName | directive#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | receiverName | element |
 | autogenerated/Xss/DomBasedXss/tst.js:96:30:96:53 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | CalleeFlexibleAccessPath | angular.element |
@@ -13338,11 +16636,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionBody | angular element document location search angular element SAFE |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | enclosingFunctionName | service#functionalargument |
-| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | receiverName | angular |
 | autogenerated/Xss/DomBasedXss/tst.js:102:25:102:48 | documen ... .search | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | CalleeFlexibleAccessPath | document.write |
@@ -13350,11 +16648,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:110:18:110:18 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | CalleeFlexibleAccessPath | ?.test |
@@ -13362,11 +16660,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | CalleeFlexibleAccessPath | document.write |
@@ -13374,11 +16672,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | CalleeFlexibleAccessPath | document.write |
@@ -13386,11 +16684,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:119:20:119:20 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | CalleeFlexibleAccessPath | v.match |
@@ -13398,11 +16696,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | receiverName | v |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | CalleeFlexibleAccessPath | document.write |
@@ -13410,11 +16708,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | CalleeFlexibleAccessPath | document.write |
@@ -13422,11 +16720,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:129:22:129:22 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | CalleeFlexibleAccessPath | ?.test |
@@ -13434,11 +16732,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | CalleeFlexibleAccessPath | document.write |
@@ -13446,11 +16744,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | CalleeFlexibleAccessPath | ?.test |
@@ -13458,11 +16756,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | CalleeFlexibleAccessPath | document.write |
@@ -13470,11 +16768,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionBody | v document location search substr 1 document write v /^\\d+$/ test v document write v m /^\\d+$/ exec v document write v v match /^\\d+$/ document write v v match ^\\d+$ document write v /\\d+/ test v document write v /^\\d+$/ test v document write v |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | enclosingFunctionName | tst |
-| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | CalleeFlexibleAccessPath | $().html |
@@ -13482,11 +16780,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:151:49:151:49 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | CalleeFlexibleAccessPath | $().html |
@@ -13494,11 +16792,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | contextSurroundingFunctionParameters | ()\n(xssSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:155:29:155:46 | xssSourceService() | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | CalleeFlexibleAccessPath | $().html |
@@ -13506,11 +16804,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | contextSurroundingFunctionParameters | ()\n()\n(v) |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:165:49:165:49 | v | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | CalleeFlexibleAccessPath | $().html |
@@ -13518,11 +16816,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | contextSurroundingFunctionParameters | ()\n(innocentSourceService) |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionBody | angular module myApp factory xssSource_to_service xssSinkService1 xssSinkService1 xssSinkService1 window location search factory xssSinkService1 v $ <div> html v factory xssSource_from_service xssSourceService xssSourceService $ <div> html xssSourceService factory xssSourceService window location search factory innocentSource_to_service xssSinkService2 xssSinkService2 xssSinkService2 innocent factory xssSinkService2 v $ <div> html v factory innocentSource_from_service innocentSourceService innocentSourceService $ <div> html innocentSourceService factory innocentSourceService innocent |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | enclosingFunctionName | angularJSServices |
-| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:169:29:169:51 | innocen ... rvice() | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | CalleeFlexibleAccessPath | parser.parseFromString |
@@ -13530,11 +16828,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionBody | target document location search parser DOMParser parser parseFromString target application/xml |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | enclosingFunctionName | testDOMParser |
-| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | receiverName | parser |
 | autogenerated/Xss/DomBasedXss/tst.js:180:28:180:33 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | CalleeFlexibleAccessPath |  |
@@ -13542,11 +16840,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:186:31:186:37 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | CalleeFlexibleAccessPath |  |
@@ -13554,11 +16852,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:188:42:188:48 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | CalleeFlexibleAccessPath |  |
@@ -13566,11 +16864,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:189:33:189:39 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | CalleeFlexibleAccessPath |  |
@@ -13578,11 +16876,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:191:54:191:60 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | CalleeFlexibleAccessPath |  |
@@ -13590,11 +16888,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:192:45:192:51 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | CalleeFlexibleAccessPath |  |
@@ -13602,11 +16900,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionBody | tainted document location search document body innerHTML tainted document createElement innerHTML tainted createElement innerHTML tainted document 0 getElementsByClassName 0 innerHTML tainted getElementsByClassName 0 0 innerHTML tainted getElementsByClassName item innerHTML tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | enclosingFunctionName | references |
-| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:193:49:193:55 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | CalleeFlexibleAccessPath | React.createElement |
@@ -13614,11 +16912,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | InputArgumentIndex | 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | assignedToPropName | __html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:199:67:199:73 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | CalleeFlexibleAccessPath | React.createFactory() |
@@ -13626,11 +16924,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | assignedToPropName | __html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:200:67:200:73 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | CalleeFlexibleAccessPath | $().html |
@@ -13638,11 +16936,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:212:28:212:46 | this.state.tainted1 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | CalleeFlexibleAccessPath | $().html |
@@ -13650,11 +16948,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:213:28:213:46 | this.state.tainted2 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | CalleeFlexibleAccessPath | $().html |
@@ -13662,11 +16960,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:214:28:214:46 | this.state.tainted3 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | CalleeFlexibleAccessPath | $().html |
@@ -13674,11 +16972,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:215:28:215:48 | this.st ... Tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | CalleeFlexibleAccessPath | $().html |
@@ -13686,11 +16984,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState) |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:218:32:218:49 | prevState.tainted4 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | CalleeFlexibleAccessPath | $().html |
@@ -13698,11 +16996,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:225:28:225:46 | this.props.tainted1 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | CalleeFlexibleAccessPath | $().html |
@@ -13710,11 +17008,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:226:28:226:46 | this.props.tainted2 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | CalleeFlexibleAccessPath | $().html |
@@ -13722,11 +17020,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:227:28:227:46 | this.props.tainted3 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | CalleeFlexibleAccessPath | $().html |
@@ -13734,11 +17032,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:228:28:228:48 | this.pr ... Tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | CalleeFlexibleAccessPath | $().html |
@@ -13746,11 +17044,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | contextSurroundingFunctionParameters | ()\n()\n(prevState, prevProps) |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:231:32:231:49 | prevProps.tainted4 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | CalleeFlexibleAccessPath |  |
@@ -13758,11 +17056,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | assignedToPropName | __html |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionBody | tainted document location search React createElement div dangerouslySetInnerHTML __html tainted React createFactory div dangerouslySetInnerHTML __html tainted C1 React Component constructor state tainted1 tainted state notTainted dbLookup setState tainted2 tainted state tainted3 tainted state tainted4 tainted test $ myId html state tainted1 $ myId html state tainted2 $ myId html state tainted3 $ myId html state notTainted setState prevState $ myId html prevState tainted4 C2 React Component args constructor test $ myId html props tainted1 $ myId html props tainted2 $ myId html props tainted3 $ myId html props notTainted setState prevState prevProps $ myId html prevProps tainted4 C2 defaultProps tainted1 tainted C2 tainted2 tainted C2 tainted3 tainted C2 tainted4 tainted C3 React Component constructor props props state stateTainted props propTainted render span dangerouslySetInnerHTML __html state stateTainted C3 propTainted tainted |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | enclosingFunctionName | react |
-| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:251:60:251:82 | this.st ... Tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | CalleeFlexibleAccessPath | $ |
@@ -13770,11 +17068,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionBody | $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | enclosingFunctionName | windowName |
-| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:259:7:259:17 | window.name | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | CalleeFlexibleAccessPath | $ |
@@ -13782,11 +17080,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionBody | $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | enclosingFunctionName | windowName |
-| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:260:7:260:10 | name | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | CalleeFlexibleAccessPath | $ |
@@ -13794,11 +17092,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionBody | name a b $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | enclosingFunctionName | windowNameAssigned |
-| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:264:11:264:21 | window.name | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | CalleeFlexibleAccessPath | $ |
@@ -13806,11 +17104,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionBody | name a b $ window name $ name |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | enclosingFunctionName | windowNameAssigned |
-| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:265:11:265:14 | name | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | CalleeFlexibleAccessPath | $ |
@@ -13818,11 +17116,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:270:7:270:14 | location | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | CalleeFlexibleAccessPath | $ |
@@ -13830,11 +17128,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:271:7:271:21 | window.location | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | CalleeFlexibleAccessPath | $ |
@@ -13842,11 +17140,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:272:7:272:23 | document.location | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | CalleeFlexibleAccessPath | $ |
@@ -13854,11 +17152,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:276:7:276:10 | loc1 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | CalleeFlexibleAccessPath | $ |
@@ -13866,11 +17164,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:277:7:277:10 | loc2 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | CalleeFlexibleAccessPath | $ |
@@ -13878,11 +17176,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:278:7:278:10 | loc3 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | CalleeFlexibleAccessPath | $().append |
@@ -13890,11 +17188,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionBody | $ location $ window location $ document location loc1 location loc2 window location loc3 document location $ loc1 $ loc2 $ loc3 $ body append location |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | enclosingFunctionName | jqueryLocation |
-| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:280:22:280:29 | location | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | CalleeFlexibleAccessPath | range.createContextualFragment |
@@ -13902,11 +17200,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | receiverName | range |
 | autogenerated/Xss/DomBasedXss/tst.js:288:59:288:65 | tainted | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | CalleeFlexibleAccessPath | document.body.appendChild |
@@ -13914,11 +17212,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionBody | tainted window name range document createRange range selectNode document getElementsByTagName div item 0 documentFragment range createContextualFragment tainted document body appendChild documentFragment |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | enclosingFunctionName | testCreateContextualFragment |
-| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:289:31:289:46 | documentFragment | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | CalleeFlexibleAccessPath | $ |
@@ -13926,11 +17224,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionBody | obj obj Math random window name p obj $ p |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | enclosingFunctionName | flowThroughPropertyNames |
-| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:296:9:296:9 | p | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | CalleeFlexibleAccessPath | $().append |
@@ -13938,11 +17236,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:303:20:303:20 | e | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | CalleeFlexibleAccessPath | $().append |
@@ -13950,11 +17248,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionBody | location e $ body append e location e $ body append e |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | enclosingFunctionName | basicExceptions |
-| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:311:20:311:20 | e | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | CalleeFlexibleAccessPath | Handlebars.SafeString |
@@ -13962,11 +17260,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionBody | Handlebars SafeString location |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | enclosingFunctionName | handlebarsSafeString |
-| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | CalleeFlexibleAccessPath | $().html |
@@ -13974,11 +17272,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionBody | target document location search $ myId html target length |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | enclosingFunctionName | test2 |
-| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:323:18:323:30 | target.length | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | CalleeFlexibleAccessPath | $().html |
@@ -13986,11 +17284,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:332:18:332:35 | params.get('name') | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | CalleeFlexibleAccessPath | $().html |
@@ -13998,11 +17296,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionBody | params getTaintedUrl searchParams $ name html params get name myUrl getTaintedUrl $ name html myUrl get name |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | enclosingFunctionName | URLPseudoProperties |
-| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:335:18:335:34 | myUrl.get('name') | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | CalleeFlexibleAccessPath | $ |
@@ -14010,11 +17308,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionBody | getUrl URL document location $ getUrl hash substring 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | enclosingFunctionName | hash |
-| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:343:5:343:30 | getUrl( ... ring(1) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | CalleeFlexibleAccessPath | $.jGrowl |
@@ -14022,11 +17320,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionBody | target document location search $ jGrowl target |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | enclosingFunctionName | growl |
-| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | receiverName | $ |
 | autogenerated/Xss/DomBasedXss/tst.js:349:12:349:17 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | CalleeFlexibleAccessPath | this.html |
@@ -14034,11 +17332,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:356:16:356:21 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | CalleeFlexibleAccessPath | this.each |
@@ -14046,11 +17344,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | CalleeFlexibleAccessPath |  |
@@ -14058,11 +17356,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | CalleeFlexibleAccessPath |  |
@@ -14070,11 +17368,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | InputArgumentIndex |  |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | assignedToPropName | innerHTML |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | contextSurroundingFunctionParameters | ()\n()\n(i, e) |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionBody | pluginName myFancyJQueryPlugin myPlugin target document location search html target innerHTML target each i e innerHTML target html target e innerHTML target $ fn pluginName myPlugin |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | enclosingFunctionName | thisNodes |
-| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:363:18:363:23 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | CalleeFlexibleAccessPath | $().html |
@@ -14082,11 +17380,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:374:18:374:23 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | CalleeFlexibleAccessPath | $().html |
@@ -14094,11 +17392,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionBody | target document location search $ myId html target $ myid html document 0 location href split ? 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:377:18:377:53 | documen ... "?")[0] | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | CalleeFlexibleAccessPath | $().html |
@@ -14106,11 +17404,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:384:18:384:23 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | CalleeFlexibleAccessPath | $().html |
@@ -14118,11 +17416,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:386:18:386:29 | target.taint | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | CalleeFlexibleAccessPath | $().html |
@@ -14130,11 +17428,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:389:18:389:30 | target.taint2 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | CalleeFlexibleAccessPath | $().html |
@@ -14142,11 +17440,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:392:18:392:30 | target.taint3 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | CalleeFlexibleAccessPath | $().html |
@@ -14154,11 +17452,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:395:18:395:34 | target.sub.taint4 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | CalleeFlexibleAccessPath | $().html |
@@ -14166,11 +17464,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:397:18:397:30 | target.taint5 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | CalleeFlexibleAccessPath | $().html |
@@ -14178,11 +17476,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:402:18:402:30 | target.taint6 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | CalleeFlexibleAccessPath | $().html |
@@ -14190,11 +17488,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:406:18:406:30 | target.taint7 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | CalleeFlexibleAccessPath | $().html |
@@ -14202,11 +17500,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:409:18:409:30 | target.taint8 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | CalleeFlexibleAccessPath | $().html |
@@ -14214,11 +17512,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionBody | target document location search $ myId html target $ myId html target taint target taint2 2 $ myId html target taint2 target taint3 document location search $ myId html target taint3 target sub taint4 2 $ myId html target sub taint4 $ myId html target taint5 target taint5 safe target taint6 2 random $ myId html target taint6 random target taint7 safe $ myId html target taint7 target taint8 target taint8 $ myId html target taint8 target taint9 target taint9 safe $ myId html target taint9 |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | enclosingFunctionName | test |
-| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:412:18:412:30 | target.taint9 | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | CalleeFlexibleAccessPath | document.write |
@@ -14226,11 +17524,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:417:18:417:24 | payload | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | CalleeFlexibleAccessPath | document.write |
@@ -14238,11 +17536,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:421:20:421:27 | match[1] | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | CalleeFlexibleAccessPath | document.write |
@@ -14250,11 +17548,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionBody | payload window location hash substr 1 document write payload match window location hash match /hello (\\w+)/ match document write match 1 1 document write window 1 location hash split # 1 |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | enclosingFunctionName | hash2 |
-| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | receiverName | document |
 | autogenerated/Xss/DomBasedXss/tst.js:424:18:424:51 | window. ... '#')[1] | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | CalleeFlexibleAccessPath | $().html |
@@ -14262,11 +17560,11 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:430:18:430:89 | target. ... data>') | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | CalleeFlexibleAccessPath | $().html |
@@ -14274,13 +17572,361 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | InputArgumentIndex | 0 |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | assignedToPropName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | calleeImports |  |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionBody | target document location search $ #foo html target replace /<metadata>[\\s\\S]*<\\/metadata>/ <metadata></metadata> $ #foo html target replace /<\|>/g  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | enclosingFunctionName | nonGlobalSanitizer |
-| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | fileImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | fileImports | ansi-to-html |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | receiverName |  |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | CalleeFlexibleAccessPath | Element |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | InputAccessPathFromCallee | ?.html |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | assignedToPropName | html |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:440:28:440:33 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | CalleeFlexibleAccessPath | Element().set |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:441:33:441:38 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | CalleeFlexibleAccessPath | Element().set |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | InputAccessPathFromCallee | 0.html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | assignedToPropName | html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:442:34:442:39 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | CalleeFlexibleAccessPath | Element().setProperty |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:443:41:443:46 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | CalleeFlexibleAccessPath | Element().setProperties |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | InputAccessPathFromCallee | 0.html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | assignedToPropName | html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:444:44:444:49 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | CalleeFlexibleAccessPath | Element().appendHtml |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | enclosingFunctionBody | source document location search Element div Element div text source Element div html source Element div set html source Element div set html source Element div setProperty html source Element div setProperties html source Element div appendHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | enclosingFunctionName | mootools |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:445:32:445:37 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:455:18:455:23 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | enclosingFunctionBody | source document location search $ #foo html source $ #foo html ansiToHtml toHtml source |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | enclosingFunctionName | ansiToHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:463:21:463:26 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:465:19:465:24 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | InputArgumentIndex |  |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | assignedToPropName | innerHTML |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | enclosingFunctionBody | source document location search table document getElementById mytable table innerHTML source row table insertRow 1 row innerHTML source cell row insertCell cell innerHTML source |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | enclosingFunctionName | domMethods |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:467:20:467:25 | source | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:12:473:22 | {href: url} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | InputAccessPathFromCallee | 1.href |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | assignedToPropName | href |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:473:19:473:21 | url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:474:26:474:28 | url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:18:475:28 | {href: url} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | InputAccessPathFromCallee | 0.href |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | assignedToPropName | href |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:475:25:475:27 | url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:14:476:23 | {src: url} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:476:20:476:22 | url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:12:477:36 | {href:  ... n.href} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | InputAccessPathFromCallee | 1.href |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | assignedToPropName | href |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:477:19:477:35 | win.location.href | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:14:479:46 | {src: " ...  + url} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:479:20:479:45 | "http:/ ... " + url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:14:481:56 | {src: [ ... n("/")} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:16:484:25 | {src: url} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:484:22:484:24 | url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:16:486:25 | {src: url} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | InputAccessPathFromCallee | 1.src |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | InputArgumentIndex | 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | assignedToPropName | src |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | receiverName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:486:22:486:24 | url | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | CalleeFlexibleAccessPath | navigation.navigate |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | contextFunctionInterfaces | URLPseudoProperties()\nangularJSServices()\nansiToHTML()\nbar()\nbasicExceptions()\nbaz(x)\nchop(s)\nconstructor()\nconstructor(args)\nconstructor(props)\ndangerouslySetInnerHtml(s)\ndomMethods()\nflowThroughPropertyNames()\nfoo(target)\ngetTaintedUrl()\ngetUrl()\ngrowl()\nhandlebarsSafeString()\nhash()\nhash2()\njqueryLocation()\nlink(scope, element)\nmootools()\nmyPlugin()\nnonGlobalSanitizer()\nreact()\nreferences()\nrender()\ntest()\ntest()\ntest()\ntest()\ntest()\ntest2()\ntestCreateContextualFragment()\ntestDOMParser()\nthisNodes()\ntst()\nurlStuff()\nwindowName()\nwindowNameAssigned()\nwrap(s) |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | enclosingFunctionBody | url document location search substr 1 $ <a> href url appendTo body $ #foo attr href url $ #foo attr href url $ <img> src url appendTo body $ <a> href win location href appendTo body $ <img> src http://google.com/ url appendTo body $ <img> src http://google.com url join / appendTo body url startsWith https:// $ <img> src url appendTo body $ <img> src url appendTo body window open location hash substr 1 navigation navigate location hash substr 1 |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | enclosingFunctionName | urlStuff |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | fileImports | ansi-to-html |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | receiverName | navigation |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | CalleeFlexibleAccessPath | Bloodhound |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | InputAccessPathFromCallee |  |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | InputArgumentIndex | 0 |
@@ -14578,7 +18224,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | contextSurroundingFunctionParameters |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | receiverName |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:3:1:10 | document | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | CalleeFlexibleAccessPath | $().ready |
@@ -14590,7 +18236,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | enclosingFunctionBody |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | enclosingFunctionName |  |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | receiverName |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | CalleeFlexibleAccessPath | xhr.open |
@@ -14602,7 +18248,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | receiverName | xhr |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | CalleeFlexibleAccessPath | $().html |
@@ -14614,7 +18260,7 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | contextSurroundingFunctionParameters | ()\n() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | receiverName |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | stringConcatenatedWith |  |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | CalleeFlexibleAccessPath | console.log |
@@ -14626,9 +18272,57 @@ tokenFeatures
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionBody | xhr XMLHttpRequest url {{ some_url }} xhr open GET url true xhr setRequestHeader Content-Type application/json xhr onreadystatechange xhr readyState 4 json JSON parse xhr responseText $ #myThing html json message xhr send error console log error |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | enclosingFunctionName | ready#functionalargument |
-| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | fileImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | fileImports | got |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | receiverName | console |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | enclosingFunctionBody |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | receiverName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:3:18:10 | document | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | CalleeFlexibleAccessPath | $().ready |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | enclosingFunctionBody |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | enclosingFunctionName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | receiverName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:19:24:1 | async f ... rces\\n\\n} | stringConcatenatedWith |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | InputAccessPathFromCallee |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | InputArgumentIndex | 0 |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | assignedToPropName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | calleeImports |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | contextFunctionInterfaces | onreadystatechange() |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | enclosingFunctionBody | got require got resp got get {{ some_url }} json JSON parse resp body $ #myThing html json message |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | enclosingFunctionName | ready#functionalargument |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | fileImports | got |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | receiverName |  |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:24:22:35 | json.message | stringConcatenatedWith |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | CalleeFlexibleAccessPath | joi.object().keys |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | InputArgumentIndex | 0 |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | assignedToPropName |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | calleeImports | joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | contextFunctionInterfaces |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | contextSurroundingFunctionParameters |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | enclosingFunctionBody |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | enclosingFunctionName |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | fileImports | ajv express joi |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | receiverName |  |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:37:19:1 | {\\n    n ... red()\\n} | stringConcatenatedWith |  |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | InputAccessPathFromCallee |  |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | InputArgumentIndex | 0 |
@@ -15306,7 +19000,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | contextSurroundingFunctionParameters | (factory) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionBody | factory define function define amd define jquery jquery-ui factory factory jQuery |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | enclosingFunctionName |  |
@@ -15318,23 +19012,83 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | calleeImports | jquery |
-| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextFunctionInterfaces |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | contextSurroundingFunctionParameters | ($) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | enclosingFunctionBody | $ $ <span> $ trim foo </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | fileImports | jquery jquery-ui |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:7:8:42 | "<span> ... /span>" | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:20:12:53 | "<span> ... /span>" | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | contextFunctionInterfaces | myPlugin(stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | contextSurroundingFunctionParameters | (stuff, options) |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | enclosingFunctionBody | stuff options $ #foo html <span> options foo </span> $ #foo html <span> stuff </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | enclosingFunctionName | myPlugin |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | fileImports | jquery jquery-ui |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:20:14:47 | "<span> ... /span>" | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | InputArgumentIndex |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:49:3:52 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | InputArgumentIndex |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:49:3:52 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | InputArgumentIndex |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | contextFunctionInterfaces | trivialXss(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | enclosingFunctionName | trivialXss |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | fileImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:49:3:52 | html | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | CalleeFlexibleAccessPath |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | InputAccessPathFromCallee |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionBody | s html <span> s </span> document querySelector #html innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | enclosingFunctionName | xssThroughHTMLConstruction |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:49:3:52 | html | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
@@ -15342,11 +19096,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:49:7:49 | s | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | CalleeFlexibleAccessPath | document.querySelector().appendChild |
@@ -15354,11 +19108,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml document querySelector #xml appendChild doc documentElement |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | enclosingFunctionName | xssThroughXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:48:8:66 | doc.documentElement | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
@@ -15366,11 +19120,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:12:49:12:49 | s | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | CalleeFlexibleAccessPath | tmp.appendChild |
@@ -15378,11 +19132,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | receiverName | tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:16:21:16:35 | xml.cloneNode() | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | CalleeFlexibleAccessPath | document.querySelector().appendChild |
@@ -15390,11 +19144,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml xml doc documentElement tmp document createElement span tmp appendChild xml cloneNode document querySelector #xml appendChild tmp |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | enclosingFunctionName | xssThroughMoreComplexXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:17:48:17:50 | tmp | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | CalleeFlexibleAccessPath |  |
@@ -15402,11 +19156,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | enclosingFunctionName | xssThroughMarkdown |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:23:53:23:56 | html | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | CalleeFlexibleAccessPath |  |
@@ -15414,11 +19168,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionBody | s html striptags <span> s </span> document querySelector #sanitized innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | enclosingFunctionName | sanitizedHTML |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:29:54:29:57 | html | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | CalleeFlexibleAccessPath | DOMParser().parseFromString |
@@ -15426,11 +19180,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | contextSurroundingFunctionParameters | (s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionBody | s doc DOMParser parseFromString s text/xml |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | enclosingFunctionName | plainDOMXMLParsing |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:37:49:37:49 | s | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | CalleeFlexibleAccessPath |  |
@@ -15438,11 +19192,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | enclosingFunctionBody | document querySelector #class innerHTML <span> step </span> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | enclosingFunctionName | doXss |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:47:54:47:85 | "<span> ... /span>" | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | CalleeFlexibleAccessPath | $.extend |
@@ -15450,11 +19204,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | contextSurroundingFunctionParameters | (options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | receiverName | $ |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | CalleeFlexibleAccessPath | $.extend |
@@ -15462,11 +19216,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | contextSurroundingFunctionParameters | (options) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | receiverName | $ |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | CalleeFlexibleAccessPath | this.each |
@@ -15474,11 +19228,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | CalleeFlexibleAccessPath | $ |
@@ -15486,11 +19240,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | CalleeFlexibleAccessPath | $().appendTo |
@@ -15498,11 +19252,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | assignedToPropName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | contextSurroundingFunctionParameters | (options)\n() |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionBody | options defaults name name settings $ extend defaults options each $ <b> settings name </b> appendTo |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | enclosingFunctionName | xssPlugin |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:52:62:55 | this | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | CalleeFlexibleAccessPath |  |
@@ -15510,11 +19264,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:67:47:67:78 | "<img a ...  "\\"/>" | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | CalleeFlexibleAccessPath |  |
@@ -15522,11 +19276,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:68:47:68:98 | "<img a ...  "\\"/>" | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | CalleeFlexibleAccessPath |  |
@@ -15534,11 +19288,11 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | contextSurroundingFunctionParameters | (attrVal) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | enclosingFunctionBody | attrVal document querySelector #id innerHTML <img alt=" attrVal "/> document querySelector #id innerHTML <img alt=" attrVal replace /"\|'/g  "/> attrVal indexOf " 1 attrVal indexOf ' 1 document querySelector #id innerHTML <img alt=" attrVal "/> |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | enclosingFunctionName | guards |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:51:70:82 | "<img a ...  "\\"/>" | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | CalleeFlexibleAccessPath |  |
@@ -15546,13 +19300,133 @@ tokenFeatures
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | InputArgumentIndex |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | assignedToPropName | innerHTML |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | calleeImports |  |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextFunctionInterfaces | constructor(s)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | contextSurroundingFunctionParameters | (obj) |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionBody | obj html <span> obj spanTemplate </span> document querySelector #template innerHTML html |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | enclosingFunctionName | intentionalTemplate |
-| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | fileImports | ./jquery-plugin ./typed markdown-it striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | receiverName |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:53:76:56 | html | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:24:81:49 | "<span> ... /span>" | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:24:83:49 | "<span> ... /span>" | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | contextSurroundingFunctionParameters | (val) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | enclosingFunctionBody | val val string $ #foo html <span> val </span> val number $ #foo html <span> val </span> val boolean $ #foo html <span> val </span> |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | enclosingFunctionName | types |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:24:85:49 | "<span> ... /span>" | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | enclosingFunctionBody | x $ #foo html createHTML x |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:20:94:32 | createHTML(x) | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:24:100:26 | svg | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:24:106:26 | svg | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | contextSurroundingFunctionParameters | (x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | assignedToPropName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | contextSurroundingFunctionParameters | (x)\n(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | enclosingFunctionBody | x myMermaid render id x svg $ #foo html svg $ #foo html myMermaid render id x mermaid render id x svg $ #foo html svg $ #foo html mermaid render id x mermaid mermaidAPI render id x svg $ #foo html svg |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | enclosingFunctionName | usesCreateHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:24:112:26 | svg | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | InputArgumentIndex |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | assignedToPropName | innerHTML |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | calleeImports |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | contextFunctionInterfaces | constructor(s)\ncreateHTML(x)\ncreatesClass(s)\ndoXss()\nguards(attrVal)\nintentionalTemplate(obj)\nplainDOMXMLParsing(s)\nsanitizedHTML(s)\ntypes(val)\nusesCreateHTML(x)\nusesCreateHTML(x)\nxssPlugin(options)\nxssThroughHTMLConstruction(s)\nxssThroughMarkdown(s)\nxssThroughMarkdown(s)\nxssThroughMoreComplexXMLParsing(s)\nxssThroughXMLParsing(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | contextSurroundingFunctionParameters | (s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | enclosingFunctionBody | s html markdown render s document querySelector #markdown innerHTML html |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | enclosingFunctionName | xssThroughMarkdown |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | fileImports | ./jquery-plugin ./typed markdown-it mermaid striptags |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | receiverName |  |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:53:118:56 | html | stringConcatenatedWith |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | CalleeFlexibleAccessPath |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | InputAccessPathFromCallee |  |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:3:31:3:34 | html | InputArgumentIndex |  |
@@ -15582,7 +19456,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:5:3:11 | options | enclosingFunctionName |  |
@@ -15594,7 +19468,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:5:5:18 | options.target | enclosingFunctionName |  |
@@ -15606,7 +19480,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:8:6:8:19 | options.target | enclosingFunctionName |  |
@@ -15618,7 +19492,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:14:6:14:11 | target | enclosingFunctionName |  |
@@ -15630,7 +19504,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | enclosingFunctionName |  |
@@ -15642,7 +19516,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | enclosingFunctionName |  |
@@ -15654,7 +19528,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:24:6:24:11 | target | enclosingFunctionName |  |
@@ -15666,7 +19540,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:28:6:28:11 | target | enclosingFunctionName |  |
@@ -15678,7 +19552,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:30:6:30:11 | target | enclosingFunctionName |  |
@@ -15690,7 +19564,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:34:6:34:11 | target | enclosingFunctionName |  |
@@ -15702,7 +19576,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:36:6:36:11 | target | enclosingFunctionName |  |
@@ -15714,7 +19588,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:40:6:40:11 | target | enclosingFunctionName |  |
@@ -15726,7 +19600,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:42:6:42:11 | target | enclosingFunctionName |  |
@@ -15738,7 +19612,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:46:6:46:11 | target | enclosingFunctionName |  |
@@ -15750,7 +19624,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:48:6:48:11 | target | enclosingFunctionName |  |
@@ -15762,7 +19636,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:52:6:52:11 | target | enclosingFunctionName |  |
@@ -15774,7 +19648,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:54:6:54:11 | target | enclosingFunctionName |  |
@@ -15786,7 +19660,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:58:6:58:11 | target | enclosingFunctionName |  |
@@ -15798,7 +19672,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:60:6:60:11 | target | enclosingFunctionName |  |
@@ -15810,7 +19684,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:66:26:66:32 | element | enclosingFunctionName |  |
@@ -15822,7 +19696,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | enclosingFunctionName |  |
@@ -15834,7 +19708,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | enclosingFunctionName |  |
@@ -15846,7 +19720,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | contextSurroundingFunctionParameters | ()\n(element, options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | enclosingFunctionName |  |
@@ -15858,7 +19732,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | enclosingFunctionName |  |
@@ -15870,7 +19744,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:73:5:73:16 | options.html | enclosingFunctionName |  |
@@ -15882,7 +19756,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:5:77:5 | x | enclosingFunctionName |  |
@@ -15894,7 +19768,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | enclosingFunctionName |  |
@@ -15906,7 +19780,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | enclosingFunctionName |  |
@@ -15918,7 +19792,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | enclosingFunctionName |  |
@@ -15930,7 +19804,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | enclosingFunctionName |  |
@@ -15942,7 +19816,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | enclosingFunctionName |  |
@@ -15954,7 +19828,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | contextSurroundingFunctionParameters | (o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | enclosingFunctionName |  |
@@ -15966,7 +19840,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | enclosingFunctionName |  |
@@ -15978,7 +19852,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | enclosingFunctionName |  |
@@ -15990,7 +19864,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | enclosingFunctionName |  |
@@ -16002,7 +19876,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | enclosingFunctionName |  |
@@ -16014,7 +19888,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | enclosingFunctionName |  |
@@ -16026,7 +19900,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:107:5:107:18 | options.target | enclosingFunctionName |  |
@@ -16038,7 +19912,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | enclosingFunctionName |  |
@@ -16050,7 +19924,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | enclosingFunctionName |  |
@@ -16062,7 +19936,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | InputArgumentIndex | 2 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | enclosingFunctionName |  |
@@ -16074,7 +19948,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | enclosingFunctionName |  |
@@ -16086,7 +19960,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:117:5:117:18 | options.target | enclosingFunctionName |  |
@@ -16098,7 +19972,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:122:5:122:18 | options.target | enclosingFunctionName |  |
@@ -16110,7 +19984,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | enclosingFunctionName |  |
@@ -16122,7 +19996,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | InputArgumentIndex | 1 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | contextSurroundingFunctionParameters | () |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | enclosingFunctionName |  |
@@ -16134,7 +20008,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | enclosingFunctionName |  |
@@ -16146,7 +20020,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:132:5:132:18 | options.target | enclosingFunctionName |  |
@@ -16158,7 +20032,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | enclosingFunctionName |  |
@@ -16170,7 +20044,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:141:5:141:16 | intentional1 | enclosingFunctionName |  |
@@ -16182,7 +20056,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:144:5:144:16 | intentional2 | enclosingFunctionName |  |
@@ -16194,7 +20068,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:147:5:147:16 | intentional3 | enclosingFunctionName |  |
@@ -16206,7 +20080,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:150:5:150:17 | unintentional | enclosingFunctionName |  |
@@ -16218,7 +20092,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:33:155:38 | target | enclosingFunctionName |  |
@@ -16230,7 +20104,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:44:155:51 | document | enclosingFunctionName |  |
@@ -16242,7 +20116,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | enclosingFunctionName |  |
@@ -16254,7 +20128,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | enclosingFunctionName |  |
@@ -16266,7 +20140,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:60:156:67 | document | enclosingFunctionName |  |
@@ -16278,7 +20152,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | enclosingFunctionName |  |
@@ -16290,7 +20164,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | enclosingFunctionName |  |
@@ -16302,7 +20176,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:65:157:72 | document | enclosingFunctionName |  |
@@ -16314,7 +20188,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | enclosingFunctionName |  |
@@ -16326,7 +20200,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | enclosingFunctionName |  |
@@ -16338,7 +20212,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:163:5:163:54 | somethi ... target) | enclosingFunctionName |  |
@@ -16350,7 +20224,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:167:6:167:11 | target | enclosingFunctionName |  |
@@ -16362,7 +20236,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:170:6:170:11 | target | enclosingFunctionName |  |
@@ -16374,7 +20248,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:5:179:18 | options.target | enclosingFunctionName |  |
@@ -16386,7 +20260,7 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:5:182:12 | document | enclosingFunctionName |  |
@@ -16398,13 +20272,61 @@ tokenFeatures
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | InputArgumentIndex | 0 |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | assignedToPropName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | calleeImports |  |
-| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | contextSurroundingFunctionParameters | ()\n(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | enclosingFunctionBody |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | enclosingFunctionName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | fileImports |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | receiverName |  |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | CalleeFlexibleAccessPath | $.extend |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | assignedToPropName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | calleeImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | enclosingFunctionBody |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | receiverName | $ |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:23:190:24 | {} | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | CalleeFlexibleAccessPath | $.extend |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | InputArgumentIndex | 1 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | assignedToPropName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | calleeImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | enclosingFunctionBody |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | receiverName | $ |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:27:190:33 | options | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | CalleeFlexibleAccessPath | $ |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | assignedToPropName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | calleeImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | enclosingFunctionBody |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | receiverName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:19:192:28 | options.of | stringConcatenatedWith |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | CalleeFlexibleAccessPath | console.log |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | InputAccessPathFromCallee |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | InputArgumentIndex | 0 |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | assignedToPropName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | calleeImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | contextFunctionInterfaces | f(o)\nf(options)\nf(options)\nmy_plugin(element, options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nmy_plugin(options)\nposition(options)\nsetupPlugin(o) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | contextSurroundingFunctionParameters | ()\n(options) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | enclosingFunctionBody |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | enclosingFunctionName |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | fileImports |  |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | receiverName | console |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:15:193:20 | target | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | CalleeFlexibleAccessPath | $().html |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | InputAccessPathFromCallee |  |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | InputArgumentIndex | 0 |
@@ -16554,11 +20476,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:2:16:2:34 | $("textarea").val() | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | CalleeFlexibleAccessPath | $().html |
@@ -16566,11 +20488,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:4:16:4:40 | $(".som ... .text() | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | CalleeFlexibleAccessPath | $().html |
@@ -16578,11 +20500,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:6:16:6:52 | $(".som ...  "bar") | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | CalleeFlexibleAccessPath | $().html |
@@ -16590,11 +20512,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:16:7:54 | $(".som ... "bar"}) | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | CalleeFlexibleAccessPath | $().attr |
@@ -16602,11 +20524,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | CalleeFlexibleAccessPath | $().html |
@@ -16614,11 +20536,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | CalleeFlexibleAccessPath | $().html |
@@ -16626,11 +20548,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:11:3:11:42 | documen ... nerText | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | CalleeFlexibleAccessPath | $().html |
@@ -16638,11 +20560,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:15:3:15:42 | documen ... nerHTML | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | CalleeFlexibleAccessPath | $().html |
@@ -16650,11 +20572,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:19:3:19:44 | documen ... Content | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | CalleeFlexibleAccessPath | $().html |
@@ -16662,11 +20584,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:23:3:23:48 | documen ... ].value | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | CalleeFlexibleAccessPath | $().html |
@@ -16674,11 +20596,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:27:3:27:61 | documen ... arget') | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | CalleeFlexibleAccessPath | $ |
@@ -16686,11 +20608,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:32:16:32:16 | x | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | CalleeFlexibleAccessPath | $ |
@@ -16698,11 +20620,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | contextSurroundingFunctionParameters | (x) |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | CalleeFlexibleAccessPath | $().html |
@@ -16710,11 +20632,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | CalleeFlexibleAccessPath | $ |
@@ -16722,11 +20644,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:5:47:32 | "<p>" + ...  "</p>" | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | CalleeFlexibleAccessPath |  |
@@ -16734,11 +20656,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:51:30:51:48 | $("textarea").val() | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | CalleeFlexibleAccessPath | base.? |
@@ -16746,11 +20668,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | receiverName | base |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:54:31:54:49 | $("textarea").val() | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | CalleeFlexibleAccessPath |  |
@@ -16758,11 +20680,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | CalleeFlexibleAccessPath |  |
@@ -16770,11 +20692,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | CalleeFlexibleAccessPath |  |
@@ -16782,11 +20704,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:59:30:59:58 | $("inpu ... e("id") | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | CalleeFlexibleAccessPath |  |
@@ -16794,11 +20716,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:30:61:69 | $(docum ... value") | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | CalleeFlexibleAccessPath | $ |
@@ -16806,11 +20728,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:61:32:61:39 | document | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | CalleeFlexibleAccessPath |  |
@@ -16818,11 +20740,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:64:30:64:40 | valMethod() | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | CalleeFlexibleAccessPath | $ |
@@ -16830,11 +20752,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:66:18:66:25 | document | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | CalleeFlexibleAccessPath |  |
@@ -16842,11 +20764,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | InputArgumentIndex |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | assignedToPropName | innerHTML |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:68:31:68:37 | myValue | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | CalleeFlexibleAccessPath | $.jGrowl |
@@ -16854,11 +20776,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | receiverName | $ |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | CalleeFlexibleAccessPath | $ |
@@ -16866,11 +20788,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:77:4:77:11 | selector | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | CalleeFlexibleAccessPath | $ |
@@ -16878,11 +20800,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:79:4:79:34 | documen ... t.value | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | CalleeFlexibleAccessPath | $().html |
@@ -16890,11 +20812,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | CalleeFlexibleAccessPath | $().html |
@@ -16902,11 +20824,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | CalleeFlexibleAccessPath | $().html |
@@ -16914,11 +20836,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | contextSurroundingFunctionParameters | () |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:87:16:87:40 | new ans ... s(text) | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | CalleeFlexibleAccessPath | $().each |
@@ -16926,11 +20848,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | CalleeFlexibleAccessPath | $().append |
@@ -16938,11 +20860,11 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | stringConcatenatedWith |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | CalleeFlexibleAccessPath | $ |
@@ -16950,13 +20872,193 @@ tokenFeatures
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | InputArgumentIndex | 0 |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | assignedToPropName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | calleeImports |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextFunctionInterfaces | safe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | contextSurroundingFunctionParameters | ()\n() |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionBody | $ #id html $ textarea val $ #id html $ .some-element text $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr foo bar $ #id html $ .some-element attr data-target $ #id html document getElementById foo innerText $ #id html document getElementById foo innerHTML $ #id html document getElementById foo textContent $ #id html document 0 querySelectorAll textarea 0 value $ #id html document getElementById div1 getAttribute data-target safe1 x x jquery foo $ x safe1 $ textarea val safe2 x x object foo $ x safe2 $ textarea val $ #id html $ <p> something </p> text $ #id get 0 innerHTML $ textarea val base $ #id base html html text $ textarea val $ #id get 0 innerHTML $ input get 0 name $ #id get 0 innerHTML $ input get 0 getAttribute name $ #id get 0 innerHTML $ input getAttribute id $ #id get 0 innerHTML $ document find option attr value valMethod $ textarea val $ #id get 0 innerHTML valMethod myValue $ document find option attr value myValue property $ #id get 0 innerHTML myValue $ jGrowl $ input get 0 name selector $ input get 0 name something selector $ textarea val  $ selector $ document my_form my_input value $ #id html $ #foo prop innerText anser require anser text $ text text $ #id html anser ansiToHtml text $ #id html anser process text $ section h1 each $ nav ul append <a href='# $ text toLowerCase replace / /g - replace /[^\\w-]+/g  '>Section</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionBody |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | enclosingFunctionName |  |
-| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | fileImports | anser |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | fileImports | anser cash-dom |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | receiverName |  |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:39:90:42 | this | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | enclosingFunctionBody |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | enclosingFunctionBody |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | InputArgumentIndex |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | assignedToPropName | innerHTML |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | enclosingFunctionBody | $ #id get 0 innerHTML <a src=" el src ">foo</a> |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | enclosingFunctionName | constructor |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:16:115:18 | src | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | InputArgumentIndex | 1 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:26:117:28 | src | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | CalleeFlexibleAccessPath | $().attr |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | InputArgumentIndex | 1 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | contextSurroundingFunctionParameters | ()\n(ev) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | enclosingFunctionBody | src document getElementById #link src $ #id html src $ #id attr src src $ 0 input.foo 0 onchange ev $ #id html ev 0 target files 0 name $ img#id attr src URL createObjectURL ev 0 target files 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | CalleeFlexibleAccessPath |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | InputArgumentIndex |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | assignedToPropName | innerHTML |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | enclosingFunctionBody | elem document createElement a wSelection getSelection dSelection document getSelection linkText wSelection toString dSelection toString  elem innerHTML linkText $ #id html linkText elem innerText linkText |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:131:19:131:26 | linkText | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | CalleeFlexibleAccessPath | $().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | enclosingFunctionBody | elem document createElement a wSelection getSelection dSelection document getSelection linkText wSelection toString dSelection toString  elem innerHTML linkText $ #id html linkText elem innerText linkText |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:16:132:23 | linkText | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | CalleeFlexibleAccessPath | cash().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | calleeImports |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:19:140:21 | src | stringConcatenatedWith |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | CalleeFlexibleAccessPath | cashDom().html |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | InputAccessPathFromCallee |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | InputArgumentIndex | 0 |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | assignedToPropName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | calleeImports | cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | contextFunctionInterfaces | constructor()\nconstructor()\nonchange(ev)\nsafe1(x)\nsafe2(x) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | contextSurroundingFunctionParameters | () |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | enclosingFunctionBody | src document getElementById #link src cash #id html src cashDom #id html src |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | enclosingFunctionName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | fileImports | anser cash-dom |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | receiverName |  |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:25:141:27 | src | stringConcatenatedWith |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | CalleeFlexibleAccessPath | ?.test |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | InputAccessPathFromCallee |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | assignedToPropName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | contextSurroundingFunctionParameters | (text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | enclosingFunctionBody | text /<!--\|--!?>/g test text text text replace /<!--\|--!?>/g  text |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | receiverName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:29:29:32 | text | stringConcatenatedWith |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | CalleeFlexibleAccessPath | req.url.substring |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | InputAccessPathFromCallee |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | assignedToPropName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | contextSurroundingFunctionParameters | (req) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | enclosingFunctionBody | req beg i 0 i req url length i req url i . req url i 1 / beg i 1 req url i ? beg req url req url substring beg |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | receiverName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:40:58:42 | beg | stringConcatenatedWith |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | InputAccessPathFromCallee |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | assignedToPropName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | receiverName | o |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:12:149:40 | {specif ... me : a} | stringConcatenatedWith |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | CalleeFlexibleAccessPath | o.push |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | InputAccessPathFromCallee |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | InputArgumentIndex | 0 |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | assignedToPropName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | calleeImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | contextFunctionInterfaces |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | contextSurroundingFunctionParameters | (content)\n(a) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | enclosingFunctionBody | content content content replace /<script[\\s\\S]*?<\\/script>/gi  content content replace /<[a-zA-Z\\/](.\|\\n)*?>/g    content content replace /<(script\|iframe\|video)[\\s\\S]*?<\\/(script\|iframe\|video)>/g  content content replace /<(script\|iframe\|video)(.\|\\s)*?\\/(script\|iframe\|video)>/g  content content replace /<[^<]*>/g  n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a n cloneNode false outerHTML replace /<\\/?[\\w:\\-]+ ?\|=[\\"][^\\"]+\\"\|=\\'[^\\']+\\'\|=[\\w\\-]+\|>/gi  replace /[\\w:\\-]+/gi a o push specified 1 nodeName a |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | enclosingFunctionName |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | fileImports |  |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | receiverName | o |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:12:153:40 | {specif ... me : a} | stringConcatenatedWith |  |
 | index.js:21:9:21:9 | x | CalleeFlexibleAccessPath | _.map |
 | index.js:21:9:21:9 | x | InputAccessPathFromCallee |  |
 | index.js:21:9:21:9 | x | InputArgumentIndex | 0 |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.expected
index f2e04cfa063..a7dd9af52cb 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.expected
@@ -7,18 +7,26 @@ taintedPathFilteredTruePositives
 | autogenerated/TaintedPath/TaintedPath.js:66:26:66:31 | "SAFE" | not a direct argument to a likely external library call or a heuristic sink (tainted path) |
 | autogenerated/TaintedPath/TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | not a direct argument to a likely external library call or a heuristic sink (tainted path) |
 xssFilteredTruePositives
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:71:5:76 | 'safe' | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | not a direct argument to a likely external library call or a heuristic sink (xss) |
 xssThroughDomFilteredTruePositives
+| autogenerated/Xss/DomBasedXss/classnames.js:17:32:17:79 | `<span  ... <span>` | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:71:2:71 | x | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:71:5:76 | 'safe' | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:71:8:71 | x | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | not a direct argument to a likely external library call or a heuristic sink (xss) |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/getALikelyExternalLibraryCall.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/getALikelyExternalLibraryCall.expected
index 78445f55f46..b9fb02602c5 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/getALikelyExternalLibraryCall.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/getALikelyExternalLibraryCall.expected
@@ -14,6 +14,35 @@
 | autogenerated/NosqlAndSqlInjection/untyped/dbo.js:8:5:11:6 | dbClien ... \\n    }) |
 | autogenerated/NosqlAndSqlInjection/untyped/dbo.js:9:12:9:41 | client. ... B_NAME) |
 | autogenerated/NosqlAndSqlInjection/untyped/dbo.js:10:14:10:20 | fn(err) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:1:15:1:32 | require('express') |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:2:11:2:19 | express() |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:7:1:21:2 | app.get ...  `);\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:10:22:20:6 | kit.gra ... \\n    `) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:25:1:34:2 | app.get ... T OK\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:27:22:27:41 | graphql(`foo ${id}`) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:29:23:29:48 | withCus ... equest) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:30:22:30:43 | myGraph ... ${id}`) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:32:26:32:45 | graphql.defaults({}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:33:5:33:29 | withDef ... ${id}`) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:36:21:36:47 | require ... quest") |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:38:1:49:2 | app.get ... T OK\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:40:26:45:6 | request ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:47:26:47:45 | request.defaults({}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:48:5:48:57 | withDef ... id}` }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:54:1:59:2 | app.get ... T OK\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:56:26:56:50 | kit2.gr ... ${id}`) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:58:27:58:79 | kit2.re ... id}` }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:62:14:66:2 | buildSc ... \\n  }\\n`) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:73:1:113:2 | app.get ...   })\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:75:24:75:71 | nativeG ... , root) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:77:3:92:4 | fetch(" ... })\\n  }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:82:11:91:6 | JSON.st ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:94:3:112:4 | fetch(" ... })\\n  }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:99:11:111:6 | JSON.st ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:115:16:115:41 | require ... ithub') |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:116:1:121:2 | app.get ... T OK\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:117:17:117:40 | github. ... ("foo") |
+| autogenerated/NosqlAndSqlInjection/untyped/graphql.js:120:26:120:49 | kit.gra ... ${id}`) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:5:13:5:21 | express() |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:15:21:15:39 | ajv.compile(schema) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:21:1:37:2 | app.pos ...  });\\n}) |
@@ -26,6 +55,42 @@
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:30:13:30:27 | doc.find(query) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:33:13:33:27 | doc.find(query) |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:35:9:35:23 | doc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:19:44:2 | Joi.obj ... ed()\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:41:19:44:24 | Joi.obj ... title') |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:22 | Joi.string() |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:42:11:42:33 | Joi.str ... uired() |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:23 | Joi.string() |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:43:12:43:34 | Joi.str ... uired() |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:46:1:64:2 | app.pos ...  });\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:47:5:63:6 | MongoCl ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:48:19:48:38 | db.collection('doc') |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:51:26:51:50 | joiSche ... (query) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:53:13:53:27 | doc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:55:13:55:27 | doc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:58:19:58:48 | joiSche ... (query) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:59:13:59:27 | doc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:61:13:61:27 | doc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:1:14:1:28 | require("http") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:2:13:2:26 | require("url") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:3:14:3:30 | require("ldapjs") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:4:16:6:2 | ldap.cr ... 89",\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:10:10:11:27 | input\\n  ... "\\\\2a") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:10:10:12:27 | input\\n  ... "\\\\28") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:10:10:13:27 | input\\n  ... "\\\\29") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:10:10:14:27 | input\\n  ... "\\\\5c") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:10:10:15:27 | input\\n  ... "\\\\00") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:10:10:16:27 | input\\n  ... "\\\\2f") |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:19:16:69:2 | http.cr ... T OK\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:20:11:20:34 | url.par ... , true) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:28:3:28:59 | client. ... es) {}) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:30:3:34:3 | client. ...  {}\\n  ) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:37:3:45:3 | client. ...  {}\\n  ) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:61:3:61:67 | client. ... es) {}) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:63:24:65:3 | ldap.pa ... ))`\\n  ) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:66:3:66:78 | client. ... es) {}) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:68:14:68:66 | ldap.pa ... dn) {}) |
+| autogenerated/NosqlAndSqlInjection/untyped/ldap.js:71:1:71:28 | server. ...  => {}) |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-from.js:1:16:1:32 | require("marsdb") |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:1:17:1:34 | require("express") |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:2:20:2:41 | require ... arser") |
@@ -33,16 +98,16 @@
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:5:13:5:21 | express() |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:1:7:50 | app.use ... rue })) |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:7:9:7:49 | bodyPar ... true }) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:1:15:2 | app.pos ... ry);\\n}) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:3:14:22 | db.myDoc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:9:1:15:2 | app.pos ... {});\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb-flow-to.js:14:3:14:41 | db.myDo ...  => {}) |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:1:17:1:34 | require("express") |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:2:12:2:28 | require("marsdb") |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:3:16:3:37 | require ... arser") |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:7:13:7:21 | express() |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:1:9:50 | app.use ... rue })) |
 | autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:9:9:9:49 | bodyPar ... true }) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:1:17:2 | app.pos ... ry);\\n}) |
-| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:3:16:17 | doc.find(query) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:11:1:17:2 | app.pos ... {});\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/marsdb.js:16:3:16:36 | doc.fin ...  => {}) |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:1:17:1:34 | require("express") |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:2:15:2:34 | require("minimongo") |
 | autogenerated/NosqlAndSqlInjection/untyped/minimongo.js:3:16:3:37 | require ... arser") |
@@ -221,6 +286,18 @@
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:11:3:11:25 | MyModel ... d: v }) |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:12:3:12:35 | MyModel ... y.id }) |
 | autogenerated/NosqlAndSqlInjection/untyped/mongooseModelClient.js:13:3:13:40 | MyModel ... id}` }) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:13:1:30 | require("express") |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:1:13:1:32 | require("express")() |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:2:15:2:30 | require('mysql') |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:14:3:42 | mysql.c ... nfig()) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:3:31:3:41 | getConfig() |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:5:1:22:2 | app.get ...  });\\n}) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:7:5:12:6 | pool.ge ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:8:9:11:47 | connect ... ds) {}) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:13:5:17:6 | pool.ge ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:14:9:16:47 | connect ... ds) {}) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:18:5:21:6 | pool.ge ... \\n    }) |
+| autogenerated/NosqlAndSqlInjection/untyped/mysql.js:19:9:20:48 | connect ... ds) {}) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:8:5:8:22 | this.db.one(taint) |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:9:5:9:13 | res.end() |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise-types.ts:13:1:13:18 | require('express') |
@@ -522,6 +599,63 @@
 | autogenerated/TaintedPath/TaintedPath.js:195:13:195:85 | fs.read ... /, '')) |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:54 | pathMod ... e(path) |
 | autogenerated/TaintedPath/TaintedPath.js:195:29:195:84 | pathMod ... +/, '') |
+| autogenerated/TaintedPath/TaintedPath.js:200:14:207:2 | http.cr ... T OK\\n}) |
+| autogenerated/TaintedPath/TaintedPath.js:202:14:202:26 | require("qs") |
+| autogenerated/TaintedPath/TaintedPath.js:203:3:203:51 | res.wri ... ).foo)) |
+| autogenerated/TaintedPath/TaintedPath.js:203:13:203:50 | fs.read ... l).foo) |
+| autogenerated/TaintedPath/TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| autogenerated/TaintedPath/TaintedPath.js:204:3:204:65 | res.wri ... ).foo)) |
+| autogenerated/TaintedPath/TaintedPath.js:204:13:204:64 | fs.read ... )).foo) |
+| autogenerated/TaintedPath/TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| autogenerated/TaintedPath/TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| autogenerated/TaintedPath/TaintedPath.js:205:19:205:36 | require("parseqs") |
+| autogenerated/TaintedPath/TaintedPath.js:206:3:206:57 | res.wri ... ).foo)) |
+| autogenerated/TaintedPath/TaintedPath.js:206:13:206:56 | fs.read ... l).foo) |
+| autogenerated/TaintedPath/TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| autogenerated/TaintedPath/TaintedPath.js:209:12:209:35 | require ... ocess") |
+| autogenerated/TaintedPath/TaintedPath.js:210:14:215:2 | http.cr ... T OK\\n}) |
+| autogenerated/TaintedPath/TaintedPath.js:211:14:211:37 | url.par ... , true) |
+| autogenerated/TaintedPath/TaintedPath.js:212:3:212:36 | cp.exec ...  path}) |
+| autogenerated/TaintedPath/TaintedPath.js:213:3:213:50 | cp.exec ...  path}) |
+| autogenerated/TaintedPath/TaintedPath.js:214:3:214:40 | cp.exec ...  path}) |
+| autogenerated/TaintedPath/express.js:1:15:1:32 | require("express") |
+| autogenerated/TaintedPath/express.js:2:16:2:44 | require ... pload") |
+| autogenerated/TaintedPath/express.js:4:11:4:19 | express() |
+| autogenerated/TaintedPath/express.js:5:1:5:21 | app.use ... load()) |
+| autogenerated/TaintedPath/express.js:5:9:5:20 | fileUpload() |
+| autogenerated/TaintedPath/express.js:7:1:9:2 | app.get ... ar);\\n}) |
+| autogenerated/TaintedPath/express.js:8:3:8:33 | req.fil ... ry.bar) |
+| autogenerated/TaintedPath/handlebars.js:1:17:1:34 | require('express') |
+| autogenerated/TaintedPath/handlebars.js:2:12:2:32 | require ... ebars") |
+| autogenerated/TaintedPath/handlebars.js:3:12:3:24 | require("fs") |
+| autogenerated/TaintedPath/handlebars.js:5:13:5:21 | express() |
+| autogenerated/TaintedPath/handlebars.js:10:5:12:6 | hb.regi ... \\n    }) |
+| autogenerated/TaintedPath/handlebars.js:11:16:11:40 | fs.read ... lePath) |
+| autogenerated/TaintedPath/handlebars.js:13:5:19:6 | hb.regi ... \\n    }) |
+| autogenerated/TaintedPath/handlebars.js:14:16:15:33 | fs\\n     ... lePath) |
+| autogenerated/TaintedPath/handlebars.js:14:16:16:22 | fs\\n     ... t("\\n") |
+| autogenerated/TaintedPath/handlebars.js:14:16:17:39 | fs\\n     ... + line) |
+| autogenerated/TaintedPath/handlebars.js:14:16:18:21 | fs\\n     ... n("\\n") |
+| autogenerated/TaintedPath/handlebars.js:20:31:20:91 | hb.comp ... ath}}") |
+| autogenerated/TaintedPath/handlebars.js:21:27:21:55 | hb.comp ... ame}}") |
+| autogenerated/TaintedPath/handlebars.js:22:28:22:75 | hb.comp ... late")) |
+| autogenerated/TaintedPath/handlebars.js:22:39:22:74 | fs.read ... plate") |
+| autogenerated/TaintedPath/handlebars.js:23:26:23:111 | hb.comp ... ath}}") |
+| autogenerated/TaintedPath/handlebars.js:28:1:30:2 | app.get ... ile)\\n}) |
+| autogenerated/TaintedPath/handlebars.js:29:5:29:64 | res.sen ... ath })) |
+| autogenerated/TaintedPath/handlebars.js:29:14:29:63 | data.co ... path }) |
+| autogenerated/TaintedPath/handlebars.js:32:1:34:2 | app.get ... ile)\\n}) |
+| autogenerated/TaintedPath/handlebars.js:33:5:33:60 | res.sen ... ame })) |
+| autogenerated/TaintedPath/handlebars.js:33:14:33:59 | data.co ... name }) |
+| autogenerated/TaintedPath/handlebars.js:36:1:38:2 | app.get ...  ok)\\n}) |
+| autogenerated/TaintedPath/handlebars.js:37:5:37:61 | res.sen ... ame })) |
+| autogenerated/TaintedPath/handlebars.js:37:14:37:60 | data.co ... name }) |
+| autogenerated/TaintedPath/handlebars.js:40:1:45:2 | app.get ... }));\\n}) |
+| autogenerated/TaintedPath/handlebars.js:41:5:44:7 | res.sen ...     })) |
+| autogenerated/TaintedPath/handlebars.js:41:14:44:6 | data.co ... \\n    }) |
+| autogenerated/TaintedPath/handlebars.js:47:1:52:2 | app.get ... }));\\n}) |
+| autogenerated/TaintedPath/handlebars.js:48:5:51:7 | res.sen ...     })) |
+| autogenerated/TaintedPath/handlebars.js:48:14:51:6 | data.co ... \\n    }) |
 | autogenerated/TaintedPath/my-async-fs-module.js:1:12:1:24 | require('fs') |
 | autogenerated/TaintedPath/my-async-fs-module.js:2:21:2:39 | require('bluebird') |
 | autogenerated/TaintedPath/my-async-fs-module.js:11:18:14:6 | methods ... \\n}, {}) |
@@ -749,6 +883,24 @@
 | autogenerated/TaintedPath/normalizedPaths.js:366:5:366:32 | fs.read ... stPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:368:3:368:29 | fs.read ... etPath) |
 | autogenerated/TaintedPath/normalizedPaths.js:371:12:371:40 | request ... otPath) |
+| autogenerated/TaintedPath/normalizedPaths.js:376:1:382:2 | app.get ... T OK\\n}) |
+| autogenerated/TaintedPath/normalizedPaths.js:379:3:379:23 | fs.read ... c(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:3:381:30 | fs.read ... (path)) |
+| autogenerated/TaintedPath/normalizedPaths.js:381:19:381:29 | slash(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:384:1:404:2 | app.get ... \\n  }\\n}) |
+| autogenerated/TaintedPath/normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) |
+| autogenerated/TaintedPath/normalizedPaths.js:386:7:386:33 | pathMod ... e(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:388:3:388:23 | fs.read ... c(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:389:8:389:23 | path.match(/\\./) |
+| autogenerated/TaintedPath/normalizedPaths.js:390:5:390:25 | fs.read ... c(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:392:8:392:25 | path.match(/\\.\\./) |
+| autogenerated/TaintedPath/normalizedPaths.js:393:5:393:25 | fs.read ... c(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:395:8:395:27 | path.match(/\\.\\.\\//) |
+| autogenerated/TaintedPath/normalizedPaths.js:396:5:396:25 | fs.read ... c(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:398:8:398:30 | path.ma ... \\/foo/) |
+| autogenerated/TaintedPath/normalizedPaths.js:399:5:399:25 | fs.read ... c(path) |
+| autogenerated/TaintedPath/normalizedPaths.js:401:8:401:36 | path.ma ... \\.\\\\)/) |
+| autogenerated/TaintedPath/normalizedPaths.js:402:5:402:25 | fs.read ... c(path) |
 | autogenerated/TaintedPath/other-fs-libraries.js:1:12:1:26 | require("http") |
 | autogenerated/TaintedPath/other-fs-libraries.js:2:9:2:22 | require("url") |
 | autogenerated/TaintedPath/other-fs-libraries.js:3:8:3:20 | require("fs") |
@@ -781,10 +933,41 @@
 | autogenerated/TaintedPath/other-fs-libraries.js:42:3:42:38 | require ... All(fs) |
 | autogenerated/TaintedPath/other-fs-libraries.js:42:3:42:57 | require ... c(path) |
 | autogenerated/TaintedPath/other-fs-libraries.js:46:17:46:47 | require ... odule") |
-| autogenerated/TaintedPath/other-fs-libraries.js:48:1:53:2 | http.cr ... T OK\\n}) |
+| autogenerated/TaintedPath/other-fs-libraries.js:48:1:64:2 | http.cr ... T OK\\n}) |
 | autogenerated/TaintedPath/other-fs-libraries.js:49:14:49:37 | url.par ... , true) |
 | autogenerated/TaintedPath/other-fs-libraries.js:51:3:51:23 | fs.read ... c(path) |
 | autogenerated/TaintedPath/other-fs-libraries.js:52:3:52:28 | asyncFS ... c(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:3:54:17 | require("pify") |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:3:54:34 | require ... leSync) |
+| autogenerated/TaintedPath/other-fs-libraries.js:54:3:54:40 | require ... )(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:3:55:17 | require("pify") |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:3:55:21 | require("pify")(fs) |
+| autogenerated/TaintedPath/other-fs-libraries.js:55:3:55:40 | require ... c(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:3:57:27 | require ... isify') |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:3:57:44 | require ... leSync) |
+| autogenerated/TaintedPath/other-fs-libraries.js:57:3:57:50 | require ... )(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:3:59:20 | require("thenify") |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:3:59:37 | require ... leSync) |
+| autogenerated/TaintedPath/other-fs-libraries.js:59:3:59:43 | require ... )(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:61:19:61:37 | require('read-pkg') |
+| autogenerated/TaintedPath/other-fs-libraries.js:62:13:62:48 | readPkg ...  path}) |
+| autogenerated/TaintedPath/other-fs-libraries.js:63:20:63:56 | readPkg ...  path}) |
+| autogenerated/TaintedPath/other-fs-libraries.js:66:16:66:32 | require("mkdirp") |
+| autogenerated/TaintedPath/other-fs-libraries.js:67:1:73:2 | http.cr ... T OK\\n}) |
+| autogenerated/TaintedPath/other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| autogenerated/TaintedPath/other-fs-libraries.js:70:3:70:23 | fs.read ... c(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:71:3:71:14 | mkdirp(path) |
+| autogenerated/TaintedPath/other-fs-libraries.js:72:3:72:19 | mkdirp.sync(path) |
+| autogenerated/TaintedPath/prettier.js:1:17:1:34 | require('express') |
+| autogenerated/TaintedPath/prettier.js:2:18:2:36 | require("prettier") |
+| autogenerated/TaintedPath/prettier.js:4:13:4:21 | express() |
+| autogenerated/TaintedPath/prettier.js:5:1:14:2 | app.get ...  });\\n}) |
+| autogenerated/TaintedPath/prettier.js:7:5:7:29 | prettie ... nfig(p) |
+| autogenerated/TaintedPath/prettier.js:7:5:9:6 | prettie ... \\n    }) |
+| autogenerated/TaintedPath/prettier.js:8:27:8:57 | prettie ... ptions) |
+| autogenerated/TaintedPath/prettier.js:11:5:11:46 | prettie ... ig: p}) |
+| autogenerated/TaintedPath/prettier.js:11:5:13:6 | prettie ... \\n    }) |
+| autogenerated/TaintedPath/prettier.js:12:27:12:57 | prettie ... ptions) |
 | autogenerated/TaintedPath/pupeteer.js:1:19:1:38 | require('puppeteer') |
 | autogenerated/TaintedPath/pupeteer.js:2:22:2:45 | require ... rrent') |
 | autogenerated/TaintedPath/pupeteer.js:5:28:5:48 | parseTo ... orrent) |
@@ -812,6 +995,15 @@
 | autogenerated/TaintedPath/tainted-access-paths.js:30:7:30:31 | fs.read ... j.sub4) |
 | autogenerated/TaintedPath/tainted-access-paths.js:31:7:31:31 | fs.read ... j.sub4) |
 | autogenerated/TaintedPath/tainted-access-paths.js:34:1:34:15 | server.listen() |
+| autogenerated/TaintedPath/tainted-access-paths.js:36:14:36:31 | require('node:fs') |
+| autogenerated/TaintedPath/tainted-access-paths.js:38:15:41:2 | http.cr ... T OK\\n}) |
+| autogenerated/TaintedPath/tainted-access-paths.js:39:14:39:37 | url.par ... , true) |
+| autogenerated/TaintedPath/tainted-access-paths.js:40:3:40:27 | nodefs. ... c(path) |
+| autogenerated/TaintedPath/tainted-access-paths.js:43:1:43:16 | server2.listen() |
+| autogenerated/TaintedPath/tainted-access-paths.js:45:16:45:32 | require("chownr") |
+| autogenerated/TaintedPath/tainted-access-paths.js:47:15:50:2 | http.cr ... T OK\\n}) |
+| autogenerated/TaintedPath/tainted-access-paths.js:48:14:48:37 | url.par ... , true) |
+| autogenerated/TaintedPath/tainted-access-paths.js:49:3:49:55 | chownr( ... rr) {}) |
 | autogenerated/TaintedPath/tainted-array-steps.js:1:10:1:22 | require('fs') |
 | autogenerated/TaintedPath/tainted-array-steps.js:2:12:2:26 | require('http') |
 | autogenerated/TaintedPath/tainted-array-steps.js:3:11:3:24 | require('url') |
@@ -833,6 +1025,12 @@
 | autogenerated/TaintedPath/tainted-require.js:5:1:8:2 | app.get ... "));\\n}) |
 | autogenerated/TaintedPath/tainted-require.js:7:11:7:38 | require ... dule")) |
 | autogenerated/TaintedPath/tainted-require.js:7:19:7:37 | req.param("module") |
+| autogenerated/TaintedPath/tainted-require.js:10:17:10:34 | require("resolve") |
+| autogenerated/TaintedPath/tainted-require.js:11:1:17:2 | app.get ...  });\\n}) |
+| autogenerated/TaintedPath/tainted-require.js:12:16:12:48 | resolve ... dule")) |
+| autogenerated/TaintedPath/tainted-require.js:12:29:12:47 | req.param("module") |
+| autogenerated/TaintedPath/tainted-require.js:14:3:16:4 | resolve ... s;\\n  }) |
+| autogenerated/TaintedPath/tainted-require.js:14:11:14:29 | req.param("module") |
 | autogenerated/TaintedPath/tainted-sendFile.js:1:15:1:32 | require('express') |
 | autogenerated/TaintedPath/tainted-sendFile.js:2:12:2:26 | require('path') |
 | autogenerated/TaintedPath/tainted-sendFile.js:4:11:4:19 | express() |
@@ -938,6 +1136,9 @@
 | autogenerated/Xss/DomBasedXss/addEventListener.js:13:9:13:30 | documen ... y.data) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:5:16:71 | window. ... ems'})) |
 | autogenerated/Xss/DomBasedXss/addEventListener.js:16:40:16:70 | foo.bin ... tems'}) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:22:9:22:30 | documen ... e.data) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:26:13:26:36 | mySet.i ... origin) |
+| autogenerated/Xss/DomBasedXss/addEventListener.js:27:13:27:34 | documen ... e.data) |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:6:2:10:2 | Compone ... ss']\\n}) |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:5:22:72 | this.sa ... ).href) |
 | autogenerated/Xss/DomBasedXss/angular2-client.ts:22:44:22:52 | \\u0275getDOM() |
@@ -970,6 +1171,49 @@
 | autogenerated/Xss/DomBasedXss/classnames.js:13:47:13:68 | safeSty ... w.name) |
 | autogenerated/Xss/DomBasedXss/classnames.js:14:47:14:62 | safeStyle('foo') |
 | autogenerated/Xss/DomBasedXss/classnames.js:15:47:15:63 | clsx(window.name) |
+| autogenerated/Xss/DomBasedXss/classnames.js:17:48:17:64 | clsx(window.name) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:1:1:9 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:1:1:1:28 | $("#foo ...  paste) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:7:18:7:52 | clipboa ... plain') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:8:18:8:51 | clipboa ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:11:5:11:22 | e.preventDefault() |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:13:17:13:45 | documen ... ('div') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:19:5:19:29 | documen ... nd(div) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:23:5:25:6 | el.addE ... \\n    }) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:9:24:16 | $("#id") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:9:24:59 | $("#id" ... html')) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:24:23:24:58 | e.clipb ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:28:1:30:2 | documen ... T OK\\n}) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:5:29:12 | $("#id") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:5:29:55 | $("#id" ... html')) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:29:19:29:54 | e.clipb ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:1:32:9 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:32:1:34:2 | $("#foo ... T OK\\n}) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:5:33:12 | $("#id") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:5:33:69 | $("#id" ... html')) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:33:19:33:68 | e.origi ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:37:15:37:43 | documen ... ("div") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:42:22:42:56 | clipboa ... plain') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:43:22:43:55 | clipboa ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:46:9:46:26 | e.preventDefault() |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:48:21:48:49 | documen ... ('div') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:54:9:54:33 | documen ... nd(div) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:70:9:70:51 | e.clipb ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:71:27:71:62 | e.clipb ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:72:25:72:54 | documen ... 'html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:74:20:74:56 | contain ... ('img') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:77:9:77:26 | dropItems.add(src) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:79:16:79:59 | e.clipb ... plain') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:80:25:80:61 | e.clipb ... plain') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:82:11:82:41 | /^https ... inText) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:83:9:83:32 | dropIte ... inText) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:87:24:87:44 | Array.f ... pItems) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:93:15:93:43 | documen ... ("div") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:94:5:100:6 | div.add ... \\n    }) |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:98:22:98:54 | dataTra ... /html') |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:9:99:16 | $("#id") |
+| autogenerated/Xss/DomBasedXss/clipboard.ts:99:9:99:27 | $("#id").html(html) |
+| autogenerated/Xss/DomBasedXss/custom-element.js:3:37:3:36 | super(...args) |
 | autogenerated/Xss/DomBasedXss/d3.js:1:12:1:24 | require('d3') |
 | autogenerated/Xss/DomBasedXss/d3.js:8:5:8:22 | d3.select('#main') |
 | autogenerated/Xss/DomBasedXss/d3.js:8:5:9:27 | d3.sele ... ', 100) |
@@ -995,6 +1239,74 @@
 | autogenerated/Xss/DomBasedXss/dates.js:17:42:17:54 | moment(taint) |
 | autogenerated/Xss/DomBasedXss/dates.js:17:42:17:63 | moment( ... ormat() |
 | autogenerated/Xss/DomBasedXss/dates.js:18:42:18:64 | datefor ...  taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:21:42:21:52 | dayjs(time) |
+| autogenerated/Xss/DomBasedXss/dates.js:21:42:21:66 | dayjs(t ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:30:17:30:69 | decodeU ... ing(1)) |
+| autogenerated/Xss/DomBasedXss/dates.js:30:36:30:68 | window. ... ring(1) |
+| autogenerated/Xss/DomBasedXss/dates.js:37:42:37:82 | dateFns ...  taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:38:42:38:82 | luxon.f ...  taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:38:63:38:74 | luxon.date() |
+| autogenerated/Xss/DomBasedXss/dates.js:39:42:39:84 | moment. ...  taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:39:64:39:76 | moment.date() |
+| autogenerated/Xss/DomBasedXss/dates.js:40:42:40:82 | dayjs.f ...  taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:40:63:40:74 | dayjs.date() |
+| autogenerated/Xss/DomBasedXss/dates.js:46:17:46:69 | decodeU ... ing(1)) |
+| autogenerated/Xss/DomBasedXss/dates.js:46:36:46:68 | window. ... ring(1) |
+| autogenerated/Xss/DomBasedXss/dates.js:48:42:48:55 | DateTime.now() |
+| autogenerated/Xss/DomBasedXss/dates.js:48:42:48:72 | DateTim ... rs: 1}) |
+| autogenerated/Xss/DomBasedXss/dates.js:48:42:48:88 | DateTim ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:49:42:49:71 | new Dat ... e('fr') |
+| autogenerated/Xss/DomBasedXss/dates.js:49:42:49:87 | new Dat ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:50:42:50:71 | DateTim ... 01-01") |
+| autogenerated/Xss/DomBasedXss/dates.js:50:42:50:86 | DateTim ... ('day') |
+| autogenerated/Xss/DomBasedXss/dates.js:50:42:50:102 | DateTim ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:54:17:54:69 | decodeU ... ing(1)) |
+| autogenerated/Xss/DomBasedXss/dates.js:54:36:54:68 | window. ... ring(1) |
+| autogenerated/Xss/DomBasedXss/dates.js:57:42:57:85 | moment. ... 1"), 1) |
+| autogenerated/Xss/DomBasedXss/dates.js:57:42:57:99 | moment. ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:57:57:57:81 | moment. ... 06-21") |
+| autogenerated/Xss/DomBasedXss/dates.js:59:42:59:69 | luxon.e ... date()) |
+| autogenerated/Xss/DomBasedXss/dates.js:59:42:59:85 | luxon.e ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:59:57:59:68 | luxon.date() |
+| autogenerated/Xss/DomBasedXss/dates.js:61:42:61:72 | dayjs.s ... e(), 4) |
+| autogenerated/Xss/DomBasedXss/dates.js:61:42:61:86 | dayjs.s ... (taint) |
+| autogenerated/Xss/DomBasedXss/dates.js:61:57:61:68 | dayjs.date() |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:1:1:9 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:1:1:1:26 | $("#foo ... , drop) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:7:18:7:51 | dataTra ... plain') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:8:18:8:50 | dataTra ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:11:5:11:22 | e.preventDefault() |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:13:17:13:45 | documen ... ('div') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:19:5:19:29 | documen ... nd(div) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:23:5:25:6 | el.addE ... \\n    }) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:9:24:16 | $("#id") |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:9:24:58 | $("#id" ... html')) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:28:1:30:2 | documen ... T OK\\n}) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:5:29:12 | $("#id") |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:5:29:54 | $("#id" ... html')) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:1:32:9 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:32:1:34:2 | $("#foo ... T OK\\n}) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:5:33:12 | $("#id") |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:5:33:68 | $("#id" ... html')) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:33:19:33:67 | e.origi ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:37:15:37:43 | documen ... ("div") |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:42:22:42:55 | dataTra ... plain') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:43:22:43:54 | dataTra ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:46:9:46:26 | e.preventDefault() |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:48:21:48:49 | documen ... ('div') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:54:9:54:33 | documen ... nd(div) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:70:9:70:50 | e.dataT ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:72:25:72:54 | documen ... 'html') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:74:20:74:56 | contain ... ('img') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:77:9:77:26 | dropItems.add(src) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:79:16:79:58 | e.dataT ... plain') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:80:25:80:60 | e.dataT ... plain') |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:82:11:82:41 | /^https ... inText) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:83:9:83:32 | dropIte ... inText) |
+| autogenerated/Xss/DomBasedXss/dragAndDrop.ts:87:24:87:44 | Array.f ... pItems) |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:3:3:58 | $('<a h ... k</a>') |
 | autogenerated/Xss/DomBasedXss/encodeuri.js:3:19:3:41 | encodeU ... nt(loc) |
 | autogenerated/Xss/DomBasedXss/event-handler-receiver.js:1:1:1:32 | documen ... my-id') |
@@ -1017,6 +1329,28 @@
 | autogenerated/Xss/DomBasedXss/jquery.js:15:19:15:60 | decodeU ... search) |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:19:16:64 | decodeU ... ring()) |
 | autogenerated/Xss/DomBasedXss/jquery.js:16:38:16:63 | window. ... tring() |
+| autogenerated/Xss/DomBasedXss/jquery.js:19:3:19:9 | $(hash) |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:3:21:22 | $(hash.substring(1)) |
+| autogenerated/Xss/DomBasedXss/jquery.js:21:5:21:21 | hash.substring(1) |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:3:22:26 | $(hash. ... 1, 10)) |
+| autogenerated/Xss/DomBasedXss/jquery.js:22:5:22:25 | hash.su ... (1, 10) |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:3:23:19 | $(hash.substr(1)) |
+| autogenerated/Xss/DomBasedXss/jquery.js:23:5:23:18 | hash.substr(1) |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:3:24:18 | $(hash.slice(1)) |
+| autogenerated/Xss/DomBasedXss/jquery.js:24:5:24:17 | hash.slice(1) |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:3:25:26 | $(hash. ... 0, 10)) |
+| autogenerated/Xss/DomBasedXss/jquery.js:25:5:25:25 | hash.su ... (0, 10) |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:3:27:26 | $(hash. ... ', '')) |
+| autogenerated/Xss/DomBasedXss/jquery.js:27:5:27:25 | hash.re ... #', '') |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:3:28:44 | $(windo ... ', '')) |
+| autogenerated/Xss/DomBasedXss/jquery.js:28:5:28:43 | window. ... ?', '') |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:3:29:26 | $(hash. ... ', '')) |
+| autogenerated/Xss/DomBasedXss/jquery.js:29:5:29:25 | hash.re ... !', '') |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:3:30:29 | $(hash. ... ', '')) |
+| autogenerated/Xss/DomBasedXss/jquery.js:30:5:30:28 | hash.re ... h', '') |
+| autogenerated/Xss/DomBasedXss/jquery.js:32:3:32:18 | $(hash + 'blah') |
+| autogenerated/Xss/DomBasedXss/jquery.js:33:3:33:18 | $('blah' + hash) |
+| autogenerated/Xss/DomBasedXss/jquery.js:34:3:34:26 | $('<b>' ... '</b>') |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:1:15:1:32 | require('express') |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:2:11:2:19 | express() |
 | autogenerated/Xss/DomBasedXss/jwt-server.js:6:1:13:2 | app.get ...  });\\n}) |
@@ -1149,6 +1483,12 @@
 | autogenerated/Xss/DomBasedXss/translate.js:11:3:11:22 | $('translated-term') |
 | autogenerated/Xss/DomBasedXss/translate.js:11:3:11:64 | $('tran ... erm')]) |
 | autogenerated/Xss/DomBasedXss/translate.js:11:39:11:62 | searchP ... 'term') |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:2:21:2:74 | trusted ... => x }) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:3:5:3:35 | policy1 ... w.name) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:5:21:5:79 | trusted ... afe' }) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:6:5:6:35 | policy2 ... w.name) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:8:21:8:74 | trusted ... => x }) |
+| autogenerated/Xss/DomBasedXss/trusted-types.js:9:5:9:30 | policy3 ... 'safe') |
 | autogenerated/Xss/DomBasedXss/tst3.js:1:11:1:40 | documen ... ("foo") |
 | autogenerated/Xss/DomBasedXss/tst3.js:2:12:2:75 | JSON.pa ... tr(1))) |
 | autogenerated/Xss/DomBasedXss/tst3.js:2:23:2:74 | decodeU ... str(1)) |
@@ -1364,6 +1704,45 @@
 | autogenerated/Xss/DomBasedXss/tst.js:432:3:432:11 | $("#foo") |
 | autogenerated/Xss/DomBasedXss/tst.js:432:3:432:44 | $("#foo ... g, '')) |
 | autogenerated/Xss/DomBasedXss/tst.js:432:18:432:43 | target. ... /g, '') |
+| autogenerated/Xss/DomBasedXss/tst.js:441:2:441:39 | new Ele ... source) |
+| autogenerated/Xss/DomBasedXss/tst.js:442:2:442:41 | new Ele ... ource}) |
+| autogenerated/Xss/DomBasedXss/tst.js:443:2:443:47 | new Ele ... source) |
+| autogenerated/Xss/DomBasedXss/tst.js:444:2:444:51 | new Ele ... ource}) |
+| autogenerated/Xss/DomBasedXss/tst.js:445:2:445:38 | new Ele ... source) |
+| autogenerated/Xss/DomBasedXss/tst.js:449:17:449:39 | require ... -html') |
+| autogenerated/Xss/DomBasedXss/tst.js:455:3:455:11 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/tst.js:455:3:455:24 | $("#foo ... source) |
+| autogenerated/Xss/DomBasedXss/tst.js:456:3:456:11 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/tst.js:456:3:456:43 | $("#foo ... ource)) |
+| autogenerated/Xss/DomBasedXss/tst.js:456:18:456:42 | ansiToH ... source) |
+| autogenerated/Xss/DomBasedXss/tst.js:462:15:462:48 | documen ... table') |
+| autogenerated/Xss/DomBasedXss/tst.js:464:13:464:31 | table.insertRow(-1) |
+| autogenerated/Xss/DomBasedXss/tst.js:466:14:466:29 | row.insertCell() |
+| autogenerated/Xss/DomBasedXss/tst.js:471:13:471:46 | documen ... bstr(1) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:3:473:23 | $("<a>" ... : url}) |
+| autogenerated/Xss/DomBasedXss/tst.js:473:3:473:40 | $("<a>" ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:474:3:474:11 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/tst.js:474:3:474:29 | $("#foo ... ", url) |
+| autogenerated/Xss/DomBasedXss/tst.js:475:3:475:11 | $("#foo") |
+| autogenerated/Xss/DomBasedXss/tst.js:475:3:475:29 | $("#foo ... : url}) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:3:476:24 | $("<img ... : url}) |
+| autogenerated/Xss/DomBasedXss/tst.js:476:3:476:41 | $("<img ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:477:3:477:37 | $("<a>" ... .href}) |
+| autogenerated/Xss/DomBasedXss/tst.js:477:3:477:54 | $("<a>" ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:479:3:479:47 | $("<img ... + url}) |
+| autogenerated/Xss/DomBasedXss/tst.js:479:3:479:64 | $("<img ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:481:3:481:57 | $("<img ... ("/")}) |
+| autogenerated/Xss/DomBasedXss/tst.js:481:3:481:74 | $("<img ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:481:20:481:55 | ["http: ... in("/") |
+| autogenerated/Xss/DomBasedXss/tst.js:483:7:483:32 | url.sta ... ps://") |
+| autogenerated/Xss/DomBasedXss/tst.js:484:5:484:26 | $("<img ... : url}) |
+| autogenerated/Xss/DomBasedXss/tst.js:484:5:484:43 | $("<img ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:486:5:486:26 | $("<img ... : url}) |
+| autogenerated/Xss/DomBasedXss/tst.js:486:5:486:43 | $("<img ... "body") |
+| autogenerated/Xss/DomBasedXss/tst.js:489:3:489:38 | window. ... str(1)) |
+| autogenerated/Xss/DomBasedXss/tst.js:489:15:489:37 | locatio ... bstr(1) |
+| autogenerated/Xss/DomBasedXss/tst.js:491:3:491:46 | navigat ... str(1)) |
+| autogenerated/Xss/DomBasedXss/tst.js:491:23:491:45 | locatio ... bstr(1) |
 | autogenerated/Xss/DomBasedXss/typeahead.js:5:3:5:28 | autocom ... alize() |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:3:6:17 | $('.typeahead') |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:3:13:4 | $('.typ ...  }\\n  }) |
@@ -1403,12 +1782,30 @@
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:9:9:40 | $("#myT ... essage) |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:12:9:12:18 | xhr.send() |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:9:14:26 | console.log(error) |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:1:18:11 | $(document) |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:18:1:24:2 | $(docum ... ces\\n\\n}) |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:19:17:19:30 | require('got') |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:20:24:20:48 | got.get ... rl }}") |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:5:22:17 | $("#myThing") |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:22:5:22:36 | $("#myT ... essage) |
 | autogenerated/Xss/ExceptionXss/ajv.js:4:11:4:19 | express() |
 | autogenerated/Xss/ExceptionXss/ajv.js:7:1:7:83 | ajv.add ... lData') |
 | autogenerated/Xss/ExceptionXss/ajv.js:9:1:13:2 | app.pos ...    }\\n}) |
 | autogenerated/Xss/ExceptionXss/ajv.js:10:10:10:43 | ajv.val ... q.body) |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:9:11:34 | res.sen ... Text()) |
 | autogenerated/Xss/ExceptionXss/ajv.js:11:18:11:33 | ajv.errorsText() |
+| autogenerated/Xss/ExceptionXss/ajv.js:15:13:15:26 | require("joi") |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:19:16:30 | joi.object() |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:19:19:2 | joi.obj ... ed()\\n}) |
+| autogenerated/Xss/ExceptionXss/ajv.js:16:19:19:22 | joi.obj ...  'age') |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:22 | joi.string() |
+| autogenerated/Xss/ExceptionXss/ajv.js:17:11:17:33 | joi.str ... uired() |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:21 | joi.number() |
+| autogenerated/Xss/ExceptionXss/ajv.js:18:10:18:32 | joi.num ... uired() |
+| autogenerated/Xss/ExceptionXss/ajv.js:21:1:26:2 | app.pos ...    }\\n}) |
+| autogenerated/Xss/ExceptionXss/ajv.js:22:17:22:44 | joiSche ... q.body) |
+| autogenerated/Xss/ExceptionXss/ajv.js:24:9:24:27 | res.send(val.error) |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:5:3:5:12 | unknown(x) |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:9:3:9:14 | unknown(foo) |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:3:11:11 | $('myId') |
@@ -1589,6 +1986,8 @@
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:67 | markdow ... nknown) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:12:103:84 | markdow ... q.body) |
 | autogenerated/Xss/ReflectedXss/ReflectedXss.js:103:27:103:53 | require ... -abbr') |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:106:12:106:26 | require('hapi') |
+| autogenerated/Xss/ReflectedXss/ReflectedXss.js:108:1:111:7 | hapi.ro ...     }}) |
 | autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:1:15:1:32 | require('express') |
 | autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:2:11:2:19 | express() |
 | autogenerated/Xss/ReflectedXss/ReflectedXssContentTypes.js:4:1:12:2 | app.get ... \\n  }\\n}) |
@@ -1708,6 +2107,11 @@
 | autogenerated/Xss/ReflectedXss/formatting.js:7:5:7:54 | res.sen ...  evil)) |
 | autogenerated/Xss/ReflectedXss/formatting.js:7:14:7:30 | require("printf") |
 | autogenerated/Xss/ReflectedXss/formatting.js:7:14:7:53 | require ... , evil) |
+| autogenerated/Xss/ReflectedXss/live-server.js:1:18:1:39 | require ... erver") |
+| autogenerated/Xss/ReflectedXss/live-server.js:6:5:6:51 | res.end ... html>`) |
+| autogenerated/Xss/ReflectedXss/live-server.js:9:1:13:2 | middlew ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/live-server.js:12:5:12:51 | res.end ... html>`) |
+| autogenerated/Xss/ReflectedXss/live-server.js:18:1:18:24 | liveSer ... params) |
 | autogenerated/Xss/ReflectedXss/pages/api/myapi.js:2:5:2:21 | res.send(req.url) |
 | autogenerated/Xss/ReflectedXss/partial.js:1:15:1:32 | require('express') |
 | autogenerated/Xss/ReflectedXss/partial.js:2:18:2:38 | require ... score') |
@@ -1756,6 +2160,43 @@
 | autogenerated/Xss/ReflectedXss/tst2.js:18:3:18:13 | res.send(p) |
 | autogenerated/Xss/ReflectedXss/tst2.js:21:5:21:15 | res.send(p) |
 | autogenerated/Xss/ReflectedXss/tst2.js:23:5:23:15 | res.send(p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:27:15:27:30 | require('clone') |
+| autogenerated/Xss/ReflectedXss/tst2.js:29:1:38:2 | app.get ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst2.js:34:15:34:24 | clone(obj) |
+| autogenerated/Xss/ReflectedXss/tst2.js:36:3:36:13 | res.send(p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:37:3:37:19 | res.send(other.p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:40:29:40:59 | require ... cript') |
+| autogenerated/Xss/ReflectedXss/tst2.js:42:1:52:2 | app.get ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst2.js:45:20:45:41 | seriali ... ript(p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:47:3:47:22 | res.send(serialized) |
+| autogenerated/Xss/ReflectedXss/tst2.js:49:16:49:53 | seriali ...  true}) |
+| autogenerated/Xss/ReflectedXss/tst2.js:51:3:51:18 | res.send(unsafe) |
+| autogenerated/Xss/ReflectedXss/tst2.js:54:16:54:32 | require('fclone') |
+| autogenerated/Xss/ReflectedXss/tst2.js:56:1:65:2 | app.get ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst2.js:61:15:61:25 | fclone(obj) |
+| autogenerated/Xss/ReflectedXss/tst2.js:63:3:63:13 | res.send(p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:64:3:64:19 | res.send(other.p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:67:12:67:32 | require ... cycle') |
+| autogenerated/Xss/ReflectedXss/tst2.js:68:1:77:2 | app.get ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:15:73:44 | jc.retr ... e(obj)) |
+| autogenerated/Xss/ReflectedXss/tst2.js:73:29:73:43 | jc.decycle(obj) |
+| autogenerated/Xss/ReflectedXss/tst2.js:75:3:75:13 | res.send(p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:76:3:76:19 | res.send(other.p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:79:18:79:37 | require('sort-keys') |
+| autogenerated/Xss/ReflectedXss/tst2.js:81:1:90:2 | app.get ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst2.js:86:15:86:27 | sortKeys(obj) |
+| autogenerated/Xss/ReflectedXss/tst2.js:88:3:88:13 | res.send(p) |
+| autogenerated/Xss/ReflectedXss/tst2.js:89:3:89:19 | res.send(other.p) |
+| autogenerated/Xss/ReflectedXss/tst3.js:1:15:1:32 | require('express') |
+| autogenerated/Xss/ReflectedXss/tst3.js:3:11:3:19 | express() |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:1:4:26 | app.ena ... ed-by') |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:1:4:50 | app.ena ... ed-by') |
+| autogenerated/Xss/ReflectedXss/tst3.js:4:1:7:2 | app.ena ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst3.js:6:3:6:13 | res.send(p) |
+| autogenerated/Xss/ReflectedXss/tst3.js:9:18:9:36 | require("prettier") |
+| autogenerated/Xss/ReflectedXss/tst3.js:10:1:13:2 | app.pos ... T OK\\n}) |
+| autogenerated/Xss/ReflectedXss/tst3.js:11:16:11:74 | prettie ... bel" }) |
+| autogenerated/Xss/ReflectedXss/tst3.js:12:3:12:16 | res.send(code) |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:1:12:1:26 | require('http') |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:2:10:2:22 | require('fs') |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:4:15:4:32 | require('express') |
@@ -1783,6 +2224,13 @@
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:3:3:42 | define( ... actory) |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:5:8:43 | $("<spa ... span>") |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:8:18:8:30 | $.trim("foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:5:12:13 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:12:5:12:54 | $("#foo ... span>") |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:5:14:13 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:14:5:14:48 | $("#foo ... span>") |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/index.ts:3:5:3:35 | documen ... #html") |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib2/src/MyNode.ts:3:5:3:35 | documen ... #html") |
+| autogenerated/Xss/UnsafeHtmlConstruction/lib/src/MyNode.ts:3:5:3:35 | documen ... #html") |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:3:5:3:35 | documen ... #html") |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:7:17:7:62 | new DOM ... t/xml") |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:8:5:8:34 | documen ... "#xml") |
@@ -1815,6 +2263,32 @@
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:69:41:69:60 | attrVal.indexOf("'") |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:70:9:70:37 | documen ... ("#id") |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:76:5:76:39 | documen ... plate") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:9:81:17 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:81:9:81:50 | $("#foo ... span>") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:9:83:17 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:83:9:83:50 | $("#foo ... span>") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:9:85:17 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:85:9:85:50 | $("#foo ... span>") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:5:94:13 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:94:5:94:33 | $("#foo ... TML(x)) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:97:19:97:36 | require('mermaid') |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:99:5:101:6 | myMerma ... \\n    }) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:9:100:17 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:100:9:100:27 | $("#foo").html(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:5:103:13 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:5:103:45 | $("#foo ... d", x)) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:103:20:103:44 | myMerma ... id", x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:105:5:107:6 | mermaid ... \\n    }) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:9:106:17 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:106:9:106:27 | $("#foo").html(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:5:109:13 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:5:109:43 | $("#foo ... d", x)) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:109:20:109:42 | mermaid ... id", x) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:111:5:113:6 | mermaid ... \\n    }) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:9:112:17 | $("#foo") |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:112:9:112:27 | $("#foo").html(svg) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:117:18:117:35 | markdown.render(s) |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:118:5:118:39 | documen ... kdown") |
 | autogenerated/Xss/UnsafeHtmlConstruction/typed.ts:7:20:7:65 | documen ... ent("") |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:3:3:3:12 | $(options) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:5:3:5:19 | $(options.target) |
@@ -1882,6 +2356,10 @@
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:179:3:179:19 | $(options.target) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:3:182:13 | $(document) |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:3:182:34 | $(docum ... target) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:187:11:187:44 | doSomet ... ments ) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:190:13:190:35 | $.exten ... tions ) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:192:16:192:30 | $( options.of ) |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:193:3:193:21 | console.log(target) |
 | autogenerated/Xss/XssThroughDom/forms.js:9:17:9:24 | $("#id") |
 | autogenerated/Xss/XssThroughDom/forms.js:9:17:9:41 | $("#id" ... es.foo) |
 | autogenerated/Xss/XssThroughDom/forms.js:12:17:12:24 | $("#id") |
@@ -2030,6 +2508,384 @@
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:64 | $(this) ... rCase() |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:83 | $(this) ... g, '-') |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:37:90:106 | $(this) ... +/g,'') |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:2:93:9 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:2:93:47 | $("#id" ... .value) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:24 | $("#foo") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:93:16:93:37 | $("#foo ... ".bla") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:3:96:10 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:3:96:48 | $("#id" ... .value) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:25 | $("#foo") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:96:17:96:38 | $("#foo ... ".bla") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:13:102:20 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:102:13:102:27 | $("#id").get(0) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:3:109:10 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:109:3:109:17 | $("#id").get(0) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:114:17:114:48 | documen ... #link") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:2:115:9 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:115:2:115:19 | $("#id").html(src) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:5:117:12 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:117:5:117:29 | $("#id" ... ", src) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:119:5:119:18 | $("input.foo") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:9:120:16 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:120:9:120:46 | $("#id" ... ].name) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:9:122:19 | $("img#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:9:122:72 | $("img# ... es[0])) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:127:13:127:39 | documen ... nt('a') |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:128:21:128:34 | getSelection() |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:129:21:129:43 | documen ... ction() |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:130:17:130:37 | wSelect ... tring() |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:130:42:130:62 | dSelect ... tring() |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:2:132:9 | $("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:132:2:132:24 | $("#id" ... nkText) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:136:17:136:35 | require("cash-dom") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:139:17:139:48 | documen ... #link") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:2:140:12 | cash("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:140:2:140:22 | cash("# ... ml(src) |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:5:141:18 | cashDom("#id") |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:141:5:141:28 | cashDom ... ml(src) |
+| autogenerated/XssThroughDom/BadTagFilter/tst.js:25:1:25:18 | doFilters(filters) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:10:2:34 | s.repla ... quot;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:10:3:34 | s.repla ... apos;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:2:10:4:33 | s.repla ... &amp;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:10:8:33 | s.repla ... &amp;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:10:9:34 | s.repla ... quot;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:8:10:10:34 | s.repla ... apos;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:10:14:35 | s.repla ... , "\\"") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:10:15:34 | s.repla ... g, "'") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:14:10:16:33 | s.repla ... g, "&") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:10:20:33 | s.repla ... g, "&") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:10:21:35 | s.repla ... , "\\"") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:20:10:22:34 | s.repla ... g, "'") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:12:26:37 | code.re ... '&lt;') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:12:26:59 | code.re ... '&gt;') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:26:12:26:94 | code.re ... &amp;') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:10:30:33 | s.repla ... g, "&") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:10:31:43 | s.repla ... "else") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:30:10:32:34 | s.repla ... g, "'") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:9:38:34 | s.repla ... , "\\"") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:9:39:33 | s.repla ... g, "'") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:38:9:40:32 | s.repla ... g, "&") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:41:5:41:15 | res.push(s) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:47:7:47:30 | s.repla ... g, "&") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:48:7:48:32 | s.repla ... , "\\"") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:49:10:49:34 | s.repla ... g, "'") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:10:53:33 | s.repla ... , '\\\\') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:10:54:33 | s.repla ... , '\\'') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:53:10:55:33 | s.repla ... , '\\"') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:59:7:59:28 | s.repla ...  '%26') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:60:7:60:28 | s.repla ...  '%25') |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:10:68:39 | s.repla ... quot;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:10:69:39 | s.repla ... apos;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:68:10:70:38 | s.repla ... &amp;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:10:79:43 | s.repla ... epl[c]) |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:79:10:79:66 | s.repla ... &amp;") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:10:84:33 | s.repla ... , "\\\\") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:84:10:84:56 | s.repla ... "\\\\\\\\") |
+| autogenerated/XssThroughDom/DoubleEscaping/tst.js:90:16:90:46 | capture ... "\\\\\\\\") |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:6:2:9:2 | html.re ... nded\\n\\t) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:10:2:10:68 | html.re ... panded) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:13:2:16:2 | html.re ... nded\\n\\t) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:17:2:17:48 | html.re ... panded) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:20:2:23:2 | html.re ... nded\\n\\t) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:24:2:24:49 | html.re ... panded) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:26:2:26:39 | html.re ... panded) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:30:2:30:37 | html.re ... panded) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:35:2:35:44 | html.re ... nded()) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:36:2:36:40 | html.re ... ething) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:37:2:37:32 | default ... ething) |
+| autogenerated/XssThroughDom/IncompleteSanitization/UnsafeHtmlExpansion.js:38:2:38:30 | getPatt ... ething) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:3:13:3:57 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:4:13:4:47 | content ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:5:13:5:49 | content ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:9:13:9:47 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:10:13:10:49 | content ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:11:13:11:51 | content ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:19:3:19:35 | respons ... pt, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:25:10:25:40 | text.re ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:29:10:29:33 | /<!--\|- ... t(text) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:30:12:30:42 | text.re ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:38:8:38:30 | id.repl ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:42:8:42:45 | id.repl ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:49:13:49:43 | req.url ... EL, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:58:22:58:43 | req.url ... ng(beg) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:64:7:64:73 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:66:7:66:56 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:68:7:68:34 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:70:7:70:36 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:71:7:71:30 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:72:7:72:45 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:73:7:73:35 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:75:7:75:37 | x.repla ... gm, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:76:7:76:35 | x.repla ... +/, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:77:7:77:36 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:79:7:79:49 | x.repla ... , "\\n") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:81:7:81:58 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:82:7:82:50 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:83:7:83:63 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:85:7:85:48 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:87:7:87:47 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:89:7:89:35 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:92:7:96:4 | x.repla ... ";\\n  }) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:98:7:98:53 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:100:7:100:28 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:101:7:101:30 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:102:7:102:30 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:104:7:104:58 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:106:7:106:64 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:107:7:107:62 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:108:7:108:75 | x.repla ... gm, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:109:7:109:58 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:110:7:110:50 | x.repla ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:111:7:111:32 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:112:7:112:50 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:113:7:113:41 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:115:10:115:23 | x.indexOf(".") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:116:9:117:27 | x\\n      ... //, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:116:9:118:29 | x\\n      ... /, "/") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:116:9:119:36 | x\\n      ... //, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:122:7:122:35 | x.repla ... +/, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:124:7:124:53 | x.repla ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:126:7:127:25 | x\\n    . ... //, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:126:7:128:27 | x\\n    . ... /, "/") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:126:7:129:34 | x\\n    . ... //, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:135:2:135:44 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:136:2:136:46 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:137:2:137:48 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:138:2:138:48 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:142:13:142:62 | content ... gi, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:143:13:143:56 | content ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:144:13:144:91 | content ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:145:13:145:90 | content ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:146:13:146:43 | content ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:3:148:20 | n.cloneNode(false) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:3:148:99 | n.clone ... gi, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:148:3:150:4 | n.clone ... );\\n  }) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:149:5:149:41 | o.push( ... e : a}) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:3:152:20 | n.cloneNode(false) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:3:152:99 | n.clone ... gi, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:152:3:154:4 | n.clone ... );\\n  }) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst-multi-character-sanitization.js:153:5:153:41 | o.push( ... e : a}) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:1:15:1:32 | require('express') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:2:11:2:19 | express() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:5:10:5:27 | s.replace("'", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:9:10:9:27 | s.replace(/'/, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:13:10:13:31 | s.repla ...  "\\\\'") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:17:10:17:32 | s.repla ... "\\\\$&") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:21:10:21:35 | s.repla ... "\\\\$&") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:25:10:25:37 | s.repla ... "\\\\$1") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:29:10:29:36 | s.repla ... "\\\\$1") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:33:10:33:27 | s.replace('\|', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:37:10:37:32 | s.repla ... "\\\\\\"") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:41:10:41:30 | s.repla ...  "%2F") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:45:10:45:30 | s.repla ... ", "%") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:49:10:49:27 | s.replace(`'`, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:53:10:53:27 | s.replace("'", ``) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:57:10:57:27 | s.replace(`'`, ``) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:61:10:61:32 | s.repla ... "", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:65:10:65:32 | s.repla ... " + "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:69:10:69:37 | s.repla ... " + "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:73:10:73:23 | s.indexOf("'") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:74:9:74:26 | s.replace("'", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:79:10:79:23 | s.indexOf("'") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:80:9:80:26 | s.replace(/'/, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:85:10:85:36 | s.repla ... id10t") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:89:10:89:32 | s.repla ... "\\\\d+") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:10:93:33 | s.repla ... "\\\\\\\\") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:93:10:93:58 | s.repla ... "\\\\$&") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:10:97:35 | s.repla ... '\\\\\\\\') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:97:10:97:59 | s.repla ...  '\\\\"') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:101:7:101:32 | s.repla ... '\\\\\\\\') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:102:10:102:34 | s.repla ...  '\\\\"') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:106:10:106:33 | s.repla ... '\\\\$&') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:110:10:110:38 | s.repla ... '\\\\$&') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:114:7:114:23 | JSON.stringify(s) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:115:7:115:20 | s.slice(1, -1) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:116:7:116:28 | s.repla ... g, '"') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:117:7:117:28 | s.repla ...  "\\\\'") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:122:10:122:30 | s.repla ... , '\\u1f4a9\\udca9') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:126:10:126:30 | s.repla ... , "42") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:2:130:19 | s.replace('[', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:130:2:130:36 | s.repla ... ]', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:2:131:19 | s.replace('(', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:131:2:131:36 | s.repla ... )', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:2:132:19 | s.replace('{', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:132:2:132:36 | s.repla ... }', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:2:133:19 | s.replace('<', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:133:2:133:36 | s.repla ... >', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:2:135:22 | s.repla ...  '\\\\[') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:135:2:135:42 | s.repla ...  '\\\\]') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:2:136:22 | s.repla ...  '\\\\{') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:136:2:136:42 | s.repla ...  '\\\\}') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:138:6:138:23 | s.replace('[', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:139:6:139:23 | s.replace(']', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:2:140:19 | s.replace(/{/, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:140:2:140:36 | s.repla ... }/, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:2:141:19 | s.replace(']', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:141:2:141:36 | s.repla ... [', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:2:146:25 | require ... ocess") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:2:146:49 | require ... emacs") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:2:146:60 | require ... tring() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:146:2:146:78 | require ... n", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:2:148:20 | x.replace("\\n", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:148:2:148:34 | x.repla ... e(x, y) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:2:149:16 | x.replace(x, y) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:149:2:149:34 | x.repla ... n", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:152:1:189:2 | app.get ... ed);\\n}) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:153:19:153:32 | req.param("p") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:193:9:193:31 | s.repla ... ct, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:2:197:19 | s.replace('"', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:197:2:197:36 | s.repla ... "', '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:2:198:19 | s.replace("'", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:198:2:198:36 | s.repla ... '", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:202:10:202:30 | p.repla ... /", "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:2:206:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:206:2:206:24 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:2:207:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:207:2:207:26 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:2:208:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:208:2:208:26 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:2:209:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:2:209:22 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:209:2:209:40 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:2:210:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:2:210:22 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:2:210:40 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:210:2:210:58 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:2:211:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:2:211:22 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:2:211:40 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:211:2:211:58 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:2:212:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:2:212:22 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:2:212:40 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:212:2:212:58 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:10:214:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:214:10:214:30 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:215:6:215:24 | s.replace(/>/g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:2:216:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:2:216:26 | s().rep ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:2:216:47 | s().rep ...  '&gt') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:2:216:70 | s().rep ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:216:2:216:93 | s().rep ... &#34;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:2:217:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:2:217:26 | s().rep ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:2:217:47 | s().rep ...  '&gt') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:2:217:70 | s().rep ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:217:2:217:93 | s().rep ... &#39;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:2:219:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:2:219:26 | s().rep ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:2:219:47 | s().rep ...  '&gt') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:219:2:219:89 | s().rep ... . */ }) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:2:221:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:221:2:221:27 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:2:223:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:2:223:26 | s().rep ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:2:223:48 | s().rep ... '&gt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:2:223:72 | s().rep ... quot;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:223:2:223:107 | s().rep ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:2:225:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:2:225:54 | s().rep ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:2:225:76 | s().rep ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:2:225:98 | s().rep ... '&gt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:2:225:122 | s().rep ... quot;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:225:2:225:146 | s().rep ... apos;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:2:227:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:227:2:227:36 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:2:229:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:229:2:229:25 | s().rep ... /g,'_') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:2:231:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:231:2:231:26 | s().rep ... "&gt;") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:2:233:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:233:2:233:67 | s().rep ... /g, "") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:2:235:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:2:235:24 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:235:2:235:47 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:2:237:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:2:237:24 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:237:2:237:47 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:2:239:4 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:2:239:24 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:239:2:239:46 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:9:243:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:243:9:243:31 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:9:244:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:244:9:244:33 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:9:245:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:245:9:245:33 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:9:246:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:246:9:246:33 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:9:247:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:247:9:247:31 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:9:249:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:249:9:249:33 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:9:250:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:250:9:250:33 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:9:251:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:251:9:251:33 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:21:253:23 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:253:21:253:45 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:32:254:34 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:254:32:254:56 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:26:255:28 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:255:26:255:50 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:15:256:17 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:256:15:256:39 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:10:261:37 | value.r ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:10:261:59 | value.r ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:261:10:261:81 | value.r ... '&gt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:264:32:264:74 | escapeH ... quot;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:18:266:26 | tag(node) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:30:266:53 | [].map. ... tr_str) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:30:266:53 | reflective call |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:266:30:266:62 | [].map. ... oin('') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:63 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:270:61:270:85 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:9:271:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:9:271:31 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:271:9:271:55 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:9:272:51 | encodeU ... /g,'')) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:30 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:272:28:272:50 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:12:274:14 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:12:274:20 | s().val() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:12:274:27 | s().val().trim() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:12:274:50 | s().val ... g , '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:12:274:73 | s().val ... g , '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:274:12:274:94 | s().val ... g , '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:275:9:275:21 | arr.join(" ") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:13:276:15 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:13:276:21 | s().val() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:13:276:28 | s().val().trim() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:13:276:51 | s().val ... g , '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:13:276:74 | s().val ... g , '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:276:13:276:95 | s().val ... g , '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:277:9:277:29 | arr2.re ... "/g,"") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:278:9:278:22 | arr2.join(" ") |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:281:6:281:29 | x.repla ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:6:282:28 | x.repla ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:282:6:282:50 | x.repla ... '&gt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:284:6:284:30 | x.repla ... quot;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:289:7:289:30 | y.repla ... &amp;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:6:291:28 | y.repla ... '&lt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:291:6:291:50 | y.repla ... '&gt;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:294:7:294:31 | y.repla ... quot;') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:10:300:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:300:10:300:33 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:10:301:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:301:10:301:32 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:10:302:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:302:10:302:34 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:10:303:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:303:10:303:34 | s().rep ... /g, '') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:9:304:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:304:9:304:33 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:10:305:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:305:10:305:34 | s().rep ... ]/g,'') |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:10:309:12 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:9:320:11 | s() |
+| autogenerated/XssThroughDom/IncompleteSanitization/tst.js:320:9:329:3 | s().rep ... ;";\\n\\t}) |
 | index.js:1:12:1:24 | require("fs") |
 | index.js:3:3:3:11 | unknown() |
 | index.js:4:3:4:12 | toString() |

From 3e85e9f7d967bfa3b2a81e3072473902dbb5882a Mon Sep 17 00:00:00 2001
From: Henning Makholm <hmakholm@github.com>
Date: Fri, 16 Dec 2022 19:03:20 +0100
Subject: [PATCH 55/93] remove com.semmle.util.data.Option from from extractor
 code interface II

com.semmle.util.data.Option is going away. Switch the single
cross-repo call that mentions it to use the new Option-less overload
that was introduced in semmle-code PR 44626.
---
 .../extractor/src/com/semmle/js/extractor/HTMLExtractor.java   | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/javascript/extractor/src/com/semmle/js/extractor/HTMLExtractor.java b/javascript/extractor/src/com/semmle/js/extractor/HTMLExtractor.java
index a03d03bfe0c..dfce800af76 100644
--- a/javascript/extractor/src/com/semmle/js/extractor/HTMLExtractor.java
+++ b/javascript/extractor/src/com/semmle/js/extractor/HTMLExtractor.java
@@ -13,7 +13,6 @@ import com.semmle.js.extractor.ExtractorConfig.ECMAVersion;
 import com.semmle.js.extractor.ExtractorConfig.Platform;
 import com.semmle.js.extractor.ExtractorConfig.SourceType;
 import com.semmle.js.parser.ParseError;
-import com.semmle.util.data.Option;
 import com.semmle.util.data.Pair;
 import com.semmle.util.data.StringUtil;
 import com.semmle.util.io.WholeIO;
@@ -239,7 +238,7 @@ public class HTMLExtractor implements IExtractor {
       extractor.setSourceMap(textualExtractor.getSourceMap());
     }
 
-    List<Label> rootNodes = extractor.doit(Option.some(eltHandler));
+    List<Label> rootNodes = extractor.doit(eltHandler);
 
     return Pair.make(rootNodes, locInfo);
   }

From f67d0bc8c0453f920b1ca9380fb3e8200e50534a Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Thu, 15 Dec 2022 14:30:22 +0100
Subject: [PATCH 56/93] put the shared HostnameRegexp code in the shared regex
 pack

---
 config/identical-files.json                   |   5 -
 .../semmle/code/java/regex/RegexTreeView.qll  |   5 +
 .../security/regexp/HostnameRegexp.qll        |  19 ++
 .../Security/CWE-020/HostnameRegexpShared.qll | 199 +------------
 .../CWE-020/HostnameRegexpSpecific.qll        |   1 -
 .../CWE-020/IncompleteHostnameRegExp.ql       |   4 +-
 .../Security/CWE-020/MissingRegExpAnchor.ql   |  25 +-
 python/ql/lib/semmle/python/RegexTreeView.qll |   2 +-
 .../python/security/regexp/HostnameRegex.qll  |  20 ++
 .../Security/CWE-020/HostnameRegexpShared.qll | 200 +------------
 .../CWE-020/HostnameRegexpSpecific.qll        |   3 -
 .../CWE-020/IncompleteHostnameRegExp.ql       |   4 +-
 .../lib/codeql/ruby/regexp/RegExpTreeView.qll |   2 +-
 .../ruby/security/regexp/HostnameRegexp.qll   |  19 ++
 .../security/cwe-020/HostnameRegexpShared.qll | 200 +------------
 .../cwe-020/HostnameRegexpSpecific.qll        |   2 -
 .../cwe-020/IncompleteHostnameRegExp.ql       |   4 +-
 .../security/cwe-020/MissingRegExpAnchor.ql   |  23 +-
 shared/regex/codeql/regex/HostnameRegexp.qll  | 268 ++++++++++++++++++
 shared/regex/codeql/regex/RegexTreeView.qll   |  17 ++
 20 files changed, 369 insertions(+), 653 deletions(-)
 create mode 100644 javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll
 delete mode 100644 javascript/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll
 create mode 100644 python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll
 delete mode 100644 python/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll
 create mode 100644 ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll
 delete mode 100644 ruby/ql/src/queries/security/cwe-020/HostnameRegexpSpecific.qll
 create mode 100644 shared/regex/codeql/regex/HostnameRegexp.qll

diff --git a/config/identical-files.json b/config/identical-files.json
index 5dbebe0329a..afef0a923d5 100644
--- a/config/identical-files.json
+++ b/config/identical-files.json
@@ -531,11 +531,6 @@
     "ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll",
     "javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll"
   ],
-  "Hostname Regexp queries": [
-    "javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll",
-    "python/ql/src/Security/CWE-020/HostnameRegexpShared.qll",
-    "ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll"
-  ],
   "ApiGraphModels": [
     "javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll",
     "ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll",
diff --git a/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll b/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
index 1b01be0377b..d376f7d2388 100644
--- a/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
+++ b/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
@@ -558,6 +558,8 @@ module Impl implements RegexTreeViewSig {
     }
   }
 
+  class RegExpCharEscape = RegExpEscape;
+
   /**
    * A word boundary, that is, a regular expression term of the form `\b`.
    */
@@ -868,6 +870,9 @@ module Impl implements RegexTreeViewSig {
     predicate isNamedGroupOfLiteral(RegExpLiteral lit, string name) {
       lit = this.getLiteral() and name = this.getName()
     }
+
+    /** Holds if this is a capture group. */
+    predicate isCapture() { exists(this.getNumber()) }
   }
 
   /**
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll b/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll
new file mode 100644
index 00000000000..1922ad01bf1
--- /dev/null
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll
@@ -0,0 +1,19 @@
+/**
+ * Provides predicates for reasoning about regular expressions
+ * that match URLs and hostname patterns.
+ */
+
+private import javascript as JS
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeImpl
+private import semmle.javascript.Regexp as RegExp
+private import codeql.regex.HostnameRegexp as Shared
+
+private module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
+  class DataFlowNode = JS::DataFlow::Node;
+
+  class RegExpPatternSource = RegExp::RegExpPatternSource;
+
+  string getACommonTld() { result = RegExp::RegExpPatterns::getACommonTld() }
+}
+
+import Shared::Make<TreeImpl, Impl>
diff --git a/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll b/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll
index 5e9bc406512..524be45c653 100644
--- a/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll
+++ b/javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll
@@ -3,200 +3,5 @@
  * that match URLs and hostname patterns.
  */
 
-private import HostnameRegexpSpecific
-
-/**
- * Holds if the given constant is unlikely to occur in the origin part of a URL.
- */
-predicate isConstantInvalidInsideOrigin(RegExpConstant term) {
-  // Look for any of these cases:
-  // - A character that can't occur in the origin
-  // - Two dashes in a row
-  // - A colon that is not part of port or scheme separator
-  // - A slash that is not part of scheme separator
-  term.getValue().regexpMatch(".*(?:[^a-zA-Z0-9.:/-]|--|:[^0-9/]|(?<![/:]|^)/).*")
-}
-
-/** Holds if `term` is a dot constant of form `\.` or `[.]`. */
-predicate isDotConstant(RegExpTerm term) {
-  term.(RegExpCharEscape).getValue() = "."
-  or
-  exists(RegExpCharacterClass cls |
-    term = cls and
-    not cls.isInverted() and
-    cls.getNumChild() = 1 and
-    cls.getAChild().(RegExpConstant).getValue() = "."
-  )
-}
-
-/** Holds if `term` is a wildcard `.` or an actual `.` character. */
-predicate isDotLike(RegExpTerm term) {
-  term instanceof RegExpDot
-  or
-  isDotConstant(term)
-}
-
-/** Holds if `term` will only ever be matched against the beginning of the input. */
-predicate matchesBeginningOfString(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent | matchesBeginningOfString(parent) |
-    term = parent.(RegExpSequence).getChild(0)
-    or
-    parent.(RegExpSequence).getChild(0) instanceof RegExpCaret and
-    term = parent.(RegExpSequence).getChild(1)
-    or
-    term = parent.(RegExpAlt).getAChild()
-    or
-    term = parent.(RegExpGroup).getAChild()
-  )
-}
-
-/**
- * Holds if the given sequence `seq` contains top-level domain preceded by a dot, such as `.com`,
- * excluding cases where this is at the very beginning of the regexp.
- *
- * `i` is bound to the index of the last child in the top-level domain part.
- */
-predicate hasTopLevelDomainEnding(RegExpSequence seq, int i) {
-  seq.getChild(i)
-      .(RegExpConstant)
-      .getValue()
-      .regexpMatch("(?i)" + RegExpPatterns::getACommonTld() + "(:\\d+)?([/?#].*)?") and
-  isDotLike(seq.getChild(i - 1)) and
-  not (i = 1 and matchesBeginningOfString(seq))
-}
-
-/**
- * Holds if the given regular expression term contains top-level domain preceded by a dot,
- * such as `.com`.
- */
-predicate hasTopLevelDomainEnding(RegExpSequence seq) { hasTopLevelDomainEnding(seq, _) }
-
-/**
- * Holds if `term` will always match a hostname, that is, all disjunctions contain
- * a hostname pattern that isn't inside a quantifier.
- */
-predicate alwaysMatchesHostname(RegExpTerm term) {
-  hasTopLevelDomainEnding(term, _)
-  or
-  // `localhost` is considered a hostname pattern, but has no TLD
-  term.(RegExpConstant).getValue().regexpMatch("\\blocalhost\\b")
-  or
-  not term instanceof RegExpAlt and
-  not term instanceof RegExpQuantifier and
-  alwaysMatchesHostname(term.getAChild())
-  or
-  alwaysMatchesHostnameAlt(term)
-}
-
-/** Holds if every child of `alt` contains a hostname pattern. */
-predicate alwaysMatchesHostnameAlt(RegExpAlt alt) {
-  alwaysMatchesHostnameAlt(alt, alt.getNumChild() - 1)
-}
-
-/**
- * Holds if the first `i` children of `alt` contains a hostname pattern.
- *
- * This is used instead of `forall` to avoid materializing the set of alternatives
- * that don't contains hostnames, which is much larger.
- */
-predicate alwaysMatchesHostnameAlt(RegExpAlt alt, int i) {
-  alwaysMatchesHostname(alt.getChild(0)) and i = 0
-  or
-  alwaysMatchesHostnameAlt(alt, i - 1) and
-  alwaysMatchesHostname(alt.getChild(i))
-}
-
-/**
- * Holds if `term` occurs inside a quantifier or alternative (and thus
- * can not be expected to correspond to a unique match), or as part of
- * a lookaround assertion (which are rarely used for capture groups).
- */
-predicate isInsideChoiceOrSubPattern(RegExpTerm term) {
-  exists(RegExpParent parent | parent = term.getParent() |
-    parent instanceof RegExpAlt
-    or
-    parent instanceof RegExpQuantifier
-    or
-    parent instanceof RegExpSubPattern
-    or
-    isInsideChoiceOrSubPattern(parent)
-  )
-}
-
-/**
- * Holds if `group` is likely to be used as a capture group.
- */
-predicate isLikelyCaptureGroup(RegExpGroup group) {
-  group.isCapture() and
-  not isInsideChoiceOrSubPattern(group)
-}
-
-/**
- * Holds if `seq` contains two consecutive dots `..` or escaped dots.
- *
- * At least one of these dots is not intended to be a subdomain separator,
- * so we avoid flagging the pattern in this case.
- */
-predicate hasConsecutiveDots(RegExpSequence seq) {
-  exists(int i |
-    isDotLike(seq.getChild(i)) and
-    isDotLike(seq.getChild(i + 1))
-  )
-}
-
-predicate isIncompleteHostNameRegExpPattern(RegExpTerm regexp, RegExpSequence seq, string msg) {
-  seq = regexp.getAChild*() and
-  exists(RegExpDot unescapedDot, int i, string hostname |
-    hasTopLevelDomainEnding(seq, i) and
-    not isConstantInvalidInsideOrigin(seq.getChild([0 .. i - 1]).getAChild*()) and
-    not isLikelyCaptureGroup(seq.getChild([i .. seq.getNumChild() - 1]).getAChild*()) and
-    unescapedDot = seq.getChild([0 .. i - 1]).getAChild*() and
-    unescapedDot != seq.getChild(i - 1) and // Should not be the '.' immediately before the TLD
-    not hasConsecutiveDots(unescapedDot.getParent()) and
-    hostname =
-      seq.getChild(i - 2).getRawValue() + seq.getChild(i - 1).getRawValue() +
-        seq.getChild(i).getRawValue()
-  |
-    if unescapedDot.getParent() instanceof RegExpQuantifier
-    then
-      // `.*\.example.com` can match `evil.com/?x=.example.com`
-      //
-      // This problem only occurs when the pattern is applied against a full URL, not just a hostname/origin.
-      // We therefore check if the pattern includes a suffix after the TLD, such as `.*\.example.com/`.
-      // Note that a post-anchored pattern (`.*\.example.com$`) will usually fail to match a full URL,
-      // and patterns with neither a suffix nor an anchor fall under the purview of MissingRegExpAnchor.
-      seq.getChild(0) instanceof RegExpCaret and
-      not seq.getAChild() instanceof RegExpDollar and
-      seq.getChild([i .. i + 1]).(RegExpConstant).getValue().regexpMatch(".*[/?#].*") and
-      msg =
-        "has an unrestricted wildcard '" + unescapedDot.getParent().(RegExpQuantifier).getRawValue()
-          + "' which may cause '" + hostname +
-          "' to be matched anywhere in the URL, outside the hostname."
-    else
-      msg =
-        "has an unescaped '.' before '" + hostname +
-          "', so it might match more hosts than expected."
-  )
-}
-
-predicate incompleteHostnameRegExp(
-  RegExpSequence hostSequence, string message, DataFlow::Node aux, string label
-) {
-  exists(RegExpPatternSource re, RegExpTerm regexp, string msg, string kind |
-    regexp = re.getRegExpTerm() and
-    isIncompleteHostNameRegExpPattern(regexp, hostSequence, msg) and
-    (
-      if re.getAParse() != re
-      then (
-        kind = "string, which is used as a regular expression $@," and
-        aux = re.getAParse()
-      ) else (
-        kind = "regular expression" and aux = re
-      )
-    )
-  |
-    message = "This " + kind + " " + msg and label = "here"
-  )
-}
+deprecated import semmle.javascript.security.regexp.HostnameRegexp as Dep
+import Dep
diff --git a/javascript/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll b/javascript/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll
deleted file mode 100644
index 7046b14f09d..00000000000
--- a/javascript/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll
+++ /dev/null
@@ -1 +0,0 @@
-import javascript
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql b/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
index 3ae844bf57f..2bf62b710a0 100644
--- a/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
+++ b/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
@@ -11,6 +11,6 @@
  *       external/cwe/cwe-020
  */
 
-import HostnameRegexpShared
+private import semmle.javascript.security.regexp.HostnameRegexp as HostnameRegexp
 
-query predicate problems = incompleteHostnameRegExp/4;
+query predicate problems = HostnameRegexp::incompleteHostnameRegExp/4;
diff --git a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
index cd71f5c6a49..504739a68ae 100644
--- a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
+++ b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
@@ -11,29 +11,10 @@
  *       external/cwe/cwe-020
  */
 
-import javascript
-import HostnameRegexpShared
-
-/** Holds if `term` is one of the transitive left children of a regexp. */
-predicate isLeftArmTerm(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent |
-    term = parent.getChild(0) and
-    isLeftArmTerm(parent)
-  )
-}
-
-/** Holds if `term` is one of the transitive right children of a regexp. */
-predicate isRightArmTerm(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent |
-    term = parent.getLastChild() and
-    isRightArmTerm(parent)
-  )
-}
+private import javascript
+private import semmle.javascript.security.regexp.HostnameRegexp
 
+// TODO: Share the below code.
 /**
  * Holds if `term` is an anchor that is not the first or last node
  * in its tree.
diff --git a/python/ql/lib/semmle/python/RegexTreeView.qll b/python/ql/lib/semmle/python/RegexTreeView.qll
index 8a5d95cc7cf..5be80d94ec4 100644
--- a/python/ql/lib/semmle/python/RegexTreeView.qll
+++ b/python/ql/lib/semmle/python/RegexTreeView.qll
@@ -454,7 +454,7 @@ module Impl implements RegexTreeViewSig {
     override string getPrimaryQLClass() { result = "RegExpAlt" }
   }
 
-  additional class RegExpCharEscape = RegExpEscape;
+  class RegExpCharEscape = RegExpEscape;
 
   /**
    * An escaped regular expression term, that is, a regular expression
diff --git a/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll b/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll
new file mode 100644
index 00000000000..db0ab155b3e
--- /dev/null
+++ b/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll
@@ -0,0 +1,20 @@
+/**
+ * Provides predicates for reasoning about regular expressions
+ * that match URLs and hostname patterns.
+ */
+
+private import python
+private import semmle.python.dataflow.new.DataFlow
+private import semmle.python.RegexTreeView::RegexTreeView as TreeImpl
+private import semmle.python.dataflow.new.Regexp as Regexp
+private import codeql.regex.HostnameRegexp as Shared
+
+private module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
+  class DataFlowNode = DataFlow::Node;
+
+  class RegExpPatternSource = Regexp::RegExpPatternSource;
+
+  string getACommonTld() { result = Regexp::RegExpPatterns::getACommonTld() }
+}
+
+import Shared::Make<TreeImpl, Impl>
diff --git a/python/ql/src/Security/CWE-020/HostnameRegexpShared.qll b/python/ql/src/Security/CWE-020/HostnameRegexpShared.qll
index 5e9bc406512..d15714d406a 100644
--- a/python/ql/src/Security/CWE-020/HostnameRegexpShared.qll
+++ b/python/ql/src/Security/CWE-020/HostnameRegexpShared.qll
@@ -3,200 +3,6 @@
  * that match URLs and hostname patterns.
  */
 
-private import HostnameRegexpSpecific
-
-/**
- * Holds if the given constant is unlikely to occur in the origin part of a URL.
- */
-predicate isConstantInvalidInsideOrigin(RegExpConstant term) {
-  // Look for any of these cases:
-  // - A character that can't occur in the origin
-  // - Two dashes in a row
-  // - A colon that is not part of port or scheme separator
-  // - A slash that is not part of scheme separator
-  term.getValue().regexpMatch(".*(?:[^a-zA-Z0-9.:/-]|--|:[^0-9/]|(?<![/:]|^)/).*")
-}
-
-/** Holds if `term` is a dot constant of form `\.` or `[.]`. */
-predicate isDotConstant(RegExpTerm term) {
-  term.(RegExpCharEscape).getValue() = "."
-  or
-  exists(RegExpCharacterClass cls |
-    term = cls and
-    not cls.isInverted() and
-    cls.getNumChild() = 1 and
-    cls.getAChild().(RegExpConstant).getValue() = "."
-  )
-}
-
-/** Holds if `term` is a wildcard `.` or an actual `.` character. */
-predicate isDotLike(RegExpTerm term) {
-  term instanceof RegExpDot
-  or
-  isDotConstant(term)
-}
-
-/** Holds if `term` will only ever be matched against the beginning of the input. */
-predicate matchesBeginningOfString(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent | matchesBeginningOfString(parent) |
-    term = parent.(RegExpSequence).getChild(0)
-    or
-    parent.(RegExpSequence).getChild(0) instanceof RegExpCaret and
-    term = parent.(RegExpSequence).getChild(1)
-    or
-    term = parent.(RegExpAlt).getAChild()
-    or
-    term = parent.(RegExpGroup).getAChild()
-  )
-}
-
-/**
- * Holds if the given sequence `seq` contains top-level domain preceded by a dot, such as `.com`,
- * excluding cases where this is at the very beginning of the regexp.
- *
- * `i` is bound to the index of the last child in the top-level domain part.
- */
-predicate hasTopLevelDomainEnding(RegExpSequence seq, int i) {
-  seq.getChild(i)
-      .(RegExpConstant)
-      .getValue()
-      .regexpMatch("(?i)" + RegExpPatterns::getACommonTld() + "(:\\d+)?([/?#].*)?") and
-  isDotLike(seq.getChild(i - 1)) and
-  not (i = 1 and matchesBeginningOfString(seq))
-}
-
-/**
- * Holds if the given regular expression term contains top-level domain preceded by a dot,
- * such as `.com`.
- */
-predicate hasTopLevelDomainEnding(RegExpSequence seq) { hasTopLevelDomainEnding(seq, _) }
-
-/**
- * Holds if `term` will always match a hostname, that is, all disjunctions contain
- * a hostname pattern that isn't inside a quantifier.
- */
-predicate alwaysMatchesHostname(RegExpTerm term) {
-  hasTopLevelDomainEnding(term, _)
-  or
-  // `localhost` is considered a hostname pattern, but has no TLD
-  term.(RegExpConstant).getValue().regexpMatch("\\blocalhost\\b")
-  or
-  not term instanceof RegExpAlt and
-  not term instanceof RegExpQuantifier and
-  alwaysMatchesHostname(term.getAChild())
-  or
-  alwaysMatchesHostnameAlt(term)
-}
-
-/** Holds if every child of `alt` contains a hostname pattern. */
-predicate alwaysMatchesHostnameAlt(RegExpAlt alt) {
-  alwaysMatchesHostnameAlt(alt, alt.getNumChild() - 1)
-}
-
-/**
- * Holds if the first `i` children of `alt` contains a hostname pattern.
- *
- * This is used instead of `forall` to avoid materializing the set of alternatives
- * that don't contains hostnames, which is much larger.
- */
-predicate alwaysMatchesHostnameAlt(RegExpAlt alt, int i) {
-  alwaysMatchesHostname(alt.getChild(0)) and i = 0
-  or
-  alwaysMatchesHostnameAlt(alt, i - 1) and
-  alwaysMatchesHostname(alt.getChild(i))
-}
-
-/**
- * Holds if `term` occurs inside a quantifier or alternative (and thus
- * can not be expected to correspond to a unique match), or as part of
- * a lookaround assertion (which are rarely used for capture groups).
- */
-predicate isInsideChoiceOrSubPattern(RegExpTerm term) {
-  exists(RegExpParent parent | parent = term.getParent() |
-    parent instanceof RegExpAlt
-    or
-    parent instanceof RegExpQuantifier
-    or
-    parent instanceof RegExpSubPattern
-    or
-    isInsideChoiceOrSubPattern(parent)
-  )
-}
-
-/**
- * Holds if `group` is likely to be used as a capture group.
- */
-predicate isLikelyCaptureGroup(RegExpGroup group) {
-  group.isCapture() and
-  not isInsideChoiceOrSubPattern(group)
-}
-
-/**
- * Holds if `seq` contains two consecutive dots `..` or escaped dots.
- *
- * At least one of these dots is not intended to be a subdomain separator,
- * so we avoid flagging the pattern in this case.
- */
-predicate hasConsecutiveDots(RegExpSequence seq) {
-  exists(int i |
-    isDotLike(seq.getChild(i)) and
-    isDotLike(seq.getChild(i + 1))
-  )
-}
-
-predicate isIncompleteHostNameRegExpPattern(RegExpTerm regexp, RegExpSequence seq, string msg) {
-  seq = regexp.getAChild*() and
-  exists(RegExpDot unescapedDot, int i, string hostname |
-    hasTopLevelDomainEnding(seq, i) and
-    not isConstantInvalidInsideOrigin(seq.getChild([0 .. i - 1]).getAChild*()) and
-    not isLikelyCaptureGroup(seq.getChild([i .. seq.getNumChild() - 1]).getAChild*()) and
-    unescapedDot = seq.getChild([0 .. i - 1]).getAChild*() and
-    unescapedDot != seq.getChild(i - 1) and // Should not be the '.' immediately before the TLD
-    not hasConsecutiveDots(unescapedDot.getParent()) and
-    hostname =
-      seq.getChild(i - 2).getRawValue() + seq.getChild(i - 1).getRawValue() +
-        seq.getChild(i).getRawValue()
-  |
-    if unescapedDot.getParent() instanceof RegExpQuantifier
-    then
-      // `.*\.example.com` can match `evil.com/?x=.example.com`
-      //
-      // This problem only occurs when the pattern is applied against a full URL, not just a hostname/origin.
-      // We therefore check if the pattern includes a suffix after the TLD, such as `.*\.example.com/`.
-      // Note that a post-anchored pattern (`.*\.example.com$`) will usually fail to match a full URL,
-      // and patterns with neither a suffix nor an anchor fall under the purview of MissingRegExpAnchor.
-      seq.getChild(0) instanceof RegExpCaret and
-      not seq.getAChild() instanceof RegExpDollar and
-      seq.getChild([i .. i + 1]).(RegExpConstant).getValue().regexpMatch(".*[/?#].*") and
-      msg =
-        "has an unrestricted wildcard '" + unescapedDot.getParent().(RegExpQuantifier).getRawValue()
-          + "' which may cause '" + hostname +
-          "' to be matched anywhere in the URL, outside the hostname."
-    else
-      msg =
-        "has an unescaped '.' before '" + hostname +
-          "', so it might match more hosts than expected."
-  )
-}
-
-predicate incompleteHostnameRegExp(
-  RegExpSequence hostSequence, string message, DataFlow::Node aux, string label
-) {
-  exists(RegExpPatternSource re, RegExpTerm regexp, string msg, string kind |
-    regexp = re.getRegExpTerm() and
-    isIncompleteHostNameRegExpPattern(regexp, hostSequence, msg) and
-    (
-      if re.getAParse() != re
-      then (
-        kind = "string, which is used as a regular expression $@," and
-        aux = re.getAParse()
-      ) else (
-        kind = "regular expression" and aux = re
-      )
-    )
-  |
-    message = "This " + kind + " " + msg and label = "here"
-  )
-}
+// HostnameRegexp should be used directly from the shared regex pack, and not from this file.
+deprecated private import semmle.python.security.regexp.HostnameRegex as Dep
+import Dep
diff --git a/python/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll b/python/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll
deleted file mode 100644
index 5f60495b202..00000000000
--- a/python/ql/src/Security/CWE-020/HostnameRegexpSpecific.qll
+++ /dev/null
@@ -1,3 +0,0 @@
-import semmle.python.RegexTreeView
-import semmle.python.dataflow.new.DataFlow
-import semmle.python.dataflow.new.Regexp
diff --git a/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql b/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
index db7129e5ac5..d394107f9d6 100644
--- a/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
+++ b/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
@@ -11,6 +11,6 @@
  *       external/cwe/cwe-020
  */
 
-import HostnameRegexpShared
+private import semmle.python.security.regexp.HostnameRegex as HostnameRegex
 
-query predicate problems = incompleteHostnameRegExp/4;
+query predicate problems = HostnameRegex::incompleteHostnameRegExp/4;
diff --git a/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll b/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll
index 4a0b40ccfb2..3f56d3f59b0 100644
--- a/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll
+++ b/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll
@@ -539,7 +539,7 @@ private module Impl implements RegexTreeViewSig {
     override predicate isNullable() { this.getAChild().isNullable() }
   }
 
-  additional class RegExpCharEscape = RegExpEscape;
+  class RegExpCharEscape = RegExpEscape;
 
   /**
    * An escaped regular expression term, that is, a regular expression
diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll b/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll
new file mode 100644
index 00000000000..234cf1e9593
--- /dev/null
+++ b/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll
@@ -0,0 +1,19 @@
+/**
+ * Provides predicates for reasoning about regular expressions
+ * that match URLs and hostname patterns.
+ */
+
+private import ruby
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeImpl
+private import codeql.ruby.Regexp as Regexp
+private import codeql.regex.HostnameRegexp as Shared
+
+private module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
+  class DataFlowNode = DataFlow::Node;
+
+  class RegExpPatternSource = Regexp::RegExpPatternSource;
+
+  string getACommonTld() { result = Regexp::RegExpPatterns::getACommonTld() }
+}
+
+import Shared::Make<TreeImpl, Impl>
diff --git a/ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll b/ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll
index 5e9bc406512..dc3ed9aeaf7 100644
--- a/ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll
+++ b/ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll
@@ -3,200 +3,6 @@
  * that match URLs and hostname patterns.
  */
 
-private import HostnameRegexpSpecific
-
-/**
- * Holds if the given constant is unlikely to occur in the origin part of a URL.
- */
-predicate isConstantInvalidInsideOrigin(RegExpConstant term) {
-  // Look for any of these cases:
-  // - A character that can't occur in the origin
-  // - Two dashes in a row
-  // - A colon that is not part of port or scheme separator
-  // - A slash that is not part of scheme separator
-  term.getValue().regexpMatch(".*(?:[^a-zA-Z0-9.:/-]|--|:[^0-9/]|(?<![/:]|^)/).*")
-}
-
-/** Holds if `term` is a dot constant of form `\.` or `[.]`. */
-predicate isDotConstant(RegExpTerm term) {
-  term.(RegExpCharEscape).getValue() = "."
-  or
-  exists(RegExpCharacterClass cls |
-    term = cls and
-    not cls.isInverted() and
-    cls.getNumChild() = 1 and
-    cls.getAChild().(RegExpConstant).getValue() = "."
-  )
-}
-
-/** Holds if `term` is a wildcard `.` or an actual `.` character. */
-predicate isDotLike(RegExpTerm term) {
-  term instanceof RegExpDot
-  or
-  isDotConstant(term)
-}
-
-/** Holds if `term` will only ever be matched against the beginning of the input. */
-predicate matchesBeginningOfString(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent | matchesBeginningOfString(parent) |
-    term = parent.(RegExpSequence).getChild(0)
-    or
-    parent.(RegExpSequence).getChild(0) instanceof RegExpCaret and
-    term = parent.(RegExpSequence).getChild(1)
-    or
-    term = parent.(RegExpAlt).getAChild()
-    or
-    term = parent.(RegExpGroup).getAChild()
-  )
-}
-
-/**
- * Holds if the given sequence `seq` contains top-level domain preceded by a dot, such as `.com`,
- * excluding cases where this is at the very beginning of the regexp.
- *
- * `i` is bound to the index of the last child in the top-level domain part.
- */
-predicate hasTopLevelDomainEnding(RegExpSequence seq, int i) {
-  seq.getChild(i)
-      .(RegExpConstant)
-      .getValue()
-      .regexpMatch("(?i)" + RegExpPatterns::getACommonTld() + "(:\\d+)?([/?#].*)?") and
-  isDotLike(seq.getChild(i - 1)) and
-  not (i = 1 and matchesBeginningOfString(seq))
-}
-
-/**
- * Holds if the given regular expression term contains top-level domain preceded by a dot,
- * such as `.com`.
- */
-predicate hasTopLevelDomainEnding(RegExpSequence seq) { hasTopLevelDomainEnding(seq, _) }
-
-/**
- * Holds if `term` will always match a hostname, that is, all disjunctions contain
- * a hostname pattern that isn't inside a quantifier.
- */
-predicate alwaysMatchesHostname(RegExpTerm term) {
-  hasTopLevelDomainEnding(term, _)
-  or
-  // `localhost` is considered a hostname pattern, but has no TLD
-  term.(RegExpConstant).getValue().regexpMatch("\\blocalhost\\b")
-  or
-  not term instanceof RegExpAlt and
-  not term instanceof RegExpQuantifier and
-  alwaysMatchesHostname(term.getAChild())
-  or
-  alwaysMatchesHostnameAlt(term)
-}
-
-/** Holds if every child of `alt` contains a hostname pattern. */
-predicate alwaysMatchesHostnameAlt(RegExpAlt alt) {
-  alwaysMatchesHostnameAlt(alt, alt.getNumChild() - 1)
-}
-
-/**
- * Holds if the first `i` children of `alt` contains a hostname pattern.
- *
- * This is used instead of `forall` to avoid materializing the set of alternatives
- * that don't contains hostnames, which is much larger.
- */
-predicate alwaysMatchesHostnameAlt(RegExpAlt alt, int i) {
-  alwaysMatchesHostname(alt.getChild(0)) and i = 0
-  or
-  alwaysMatchesHostnameAlt(alt, i - 1) and
-  alwaysMatchesHostname(alt.getChild(i))
-}
-
-/**
- * Holds if `term` occurs inside a quantifier or alternative (and thus
- * can not be expected to correspond to a unique match), or as part of
- * a lookaround assertion (which are rarely used for capture groups).
- */
-predicate isInsideChoiceOrSubPattern(RegExpTerm term) {
-  exists(RegExpParent parent | parent = term.getParent() |
-    parent instanceof RegExpAlt
-    or
-    parent instanceof RegExpQuantifier
-    or
-    parent instanceof RegExpSubPattern
-    or
-    isInsideChoiceOrSubPattern(parent)
-  )
-}
-
-/**
- * Holds if `group` is likely to be used as a capture group.
- */
-predicate isLikelyCaptureGroup(RegExpGroup group) {
-  group.isCapture() and
-  not isInsideChoiceOrSubPattern(group)
-}
-
-/**
- * Holds if `seq` contains two consecutive dots `..` or escaped dots.
- *
- * At least one of these dots is not intended to be a subdomain separator,
- * so we avoid flagging the pattern in this case.
- */
-predicate hasConsecutiveDots(RegExpSequence seq) {
-  exists(int i |
-    isDotLike(seq.getChild(i)) and
-    isDotLike(seq.getChild(i + 1))
-  )
-}
-
-predicate isIncompleteHostNameRegExpPattern(RegExpTerm regexp, RegExpSequence seq, string msg) {
-  seq = regexp.getAChild*() and
-  exists(RegExpDot unescapedDot, int i, string hostname |
-    hasTopLevelDomainEnding(seq, i) and
-    not isConstantInvalidInsideOrigin(seq.getChild([0 .. i - 1]).getAChild*()) and
-    not isLikelyCaptureGroup(seq.getChild([i .. seq.getNumChild() - 1]).getAChild*()) and
-    unescapedDot = seq.getChild([0 .. i - 1]).getAChild*() and
-    unescapedDot != seq.getChild(i - 1) and // Should not be the '.' immediately before the TLD
-    not hasConsecutiveDots(unescapedDot.getParent()) and
-    hostname =
-      seq.getChild(i - 2).getRawValue() + seq.getChild(i - 1).getRawValue() +
-        seq.getChild(i).getRawValue()
-  |
-    if unescapedDot.getParent() instanceof RegExpQuantifier
-    then
-      // `.*\.example.com` can match `evil.com/?x=.example.com`
-      //
-      // This problem only occurs when the pattern is applied against a full URL, not just a hostname/origin.
-      // We therefore check if the pattern includes a suffix after the TLD, such as `.*\.example.com/`.
-      // Note that a post-anchored pattern (`.*\.example.com$`) will usually fail to match a full URL,
-      // and patterns with neither a suffix nor an anchor fall under the purview of MissingRegExpAnchor.
-      seq.getChild(0) instanceof RegExpCaret and
-      not seq.getAChild() instanceof RegExpDollar and
-      seq.getChild([i .. i + 1]).(RegExpConstant).getValue().regexpMatch(".*[/?#].*") and
-      msg =
-        "has an unrestricted wildcard '" + unescapedDot.getParent().(RegExpQuantifier).getRawValue()
-          + "' which may cause '" + hostname +
-          "' to be matched anywhere in the URL, outside the hostname."
-    else
-      msg =
-        "has an unescaped '.' before '" + hostname +
-          "', so it might match more hosts than expected."
-  )
-}
-
-predicate incompleteHostnameRegExp(
-  RegExpSequence hostSequence, string message, DataFlow::Node aux, string label
-) {
-  exists(RegExpPatternSource re, RegExpTerm regexp, string msg, string kind |
-    regexp = re.getRegExpTerm() and
-    isIncompleteHostNameRegExpPattern(regexp, hostSequence, msg) and
-    (
-      if re.getAParse() != re
-      then (
-        kind = "string, which is used as a regular expression $@," and
-        aux = re.getAParse()
-      ) else (
-        kind = "regular expression" and aux = re
-      )
-    )
-  |
-    message = "This " + kind + " " + msg and label = "here"
-  )
-}
+// HostnameRegexp should be used directly from the shared regex pack, and not from this file.
+deprecated import codeql.ruby.security.regexp.HostnameRegexp as Dep
+import Dep
diff --git a/ruby/ql/src/queries/security/cwe-020/HostnameRegexpSpecific.qll b/ruby/ql/src/queries/security/cwe-020/HostnameRegexpSpecific.qll
deleted file mode 100644
index 42e4445a7ba..00000000000
--- a/ruby/ql/src/queries/security/cwe-020/HostnameRegexpSpecific.qll
+++ /dev/null
@@ -1,2 +0,0 @@
-import codeql.ruby.Regexp
-import codeql.ruby.DataFlow
diff --git a/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql b/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql
index f300fc9403f..33db6e4489a 100644
--- a/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql
+++ b/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql
@@ -11,6 +11,6 @@
  *       external/cwe/cwe-020
  */
 
-import HostnameRegexpShared
+private import codeql.ruby.security.regexp.HostnameRegexp as HostnameRegxp
 
-query predicate problems = incompleteHostnameRegExp/4;
+query predicate problems = HostnameRegxp::incompleteHostnameRegExp/4;
diff --git a/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql b/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql
index 45653af568d..e39fb9d4f67 100644
--- a/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql
+++ b/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql
@@ -11,10 +11,10 @@
  *       external/cwe/cwe-020
  */
 
-import HostnameRegexpShared
 import codeql.ruby.DataFlow
 import codeql.ruby.regexp.RegExpTreeView
 import codeql.ruby.Regexp
+private import codeql.ruby.security.regexp.HostnameRegexp
 
 /**
  * Holds if `term` is a final term, that is, no term will match anything after this one.
@@ -35,26 +35,6 @@ predicate isFinalRegExpTerm(RegExpTerm term) {
   )
 }
 
-/** Holds if `term` is one of the transitive left children of a regexp. */
-predicate isLeftArmTerm(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent |
-    term = parent.getChild(0) and
-    isLeftArmTerm(parent)
-  )
-}
-
-/** Holds if `term` is one of the transitive right children of a regexp. */
-predicate isRightArmTerm(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpTerm parent |
-    term = parent.getLastChild() and
-    isRightArmTerm(parent)
-  )
-}
-
 /**
  * Holds if `term` is an anchor that is not the first or last node
  * in its tree.
@@ -182,6 +162,7 @@ predicate hasMisleadingAnchorPrecedence(RegExpPatternSource src, string msg) {
  * rather than `\A/\z` which match the start/end of the whole string.
  */
 predicate isLineAnchoredHostnameRegExp(RegExpPatternSource src, string msg) {
+  // TODO: <- this one is Ruby specific.
   // avoid double reporting
   not (
     isSemiAnchoredHostnameRegExp(src, _) or
diff --git a/shared/regex/codeql/regex/HostnameRegexp.qll b/shared/regex/codeql/regex/HostnameRegexp.qll
new file mode 100644
index 00000000000..5370e6e18a9
--- /dev/null
+++ b/shared/regex/codeql/regex/HostnameRegexp.qll
@@ -0,0 +1,268 @@
+/**
+ * Provides predicates for reasoning about regular expressions
+ * that match URLs and hostname patterns.
+ */
+
+private import RegexTreeView
+
+/**
+ * A signature specifying the required parts to perform an
+ * analysis on regular expressions matching hostnames.
+ */
+signature module HostnameRegexpSig<RegexTreeViewSig TreeImpl> {
+  /**
+   * Gets a pattern that matches common top-level domain names in lower case.
+   */
+  string getACommonTld();
+
+  /** A node in the data-flow graph. */
+  class DataFlowNode;
+
+  /** A node in the data-flow graph that represents a regular expression pattern. */
+  class RegExpPatternSource extends DataFlowNode {
+    /**
+     * Gets the root term of the regular expression parsed from this pattern.
+     */
+    TreeImpl::RegExpTerm getRegExpTerm();
+
+    /**
+     * Gets a node where the pattern of this node is parsed as a part of
+     * a regular expression.
+     */
+    DataFlowNode getAParse();
+  }
+}
+
+/**
+ * Classes and predicates implementing an analysis on regular expressions
+ * that match URLs and hostname patterns.
+ */
+module Make<RegexTreeViewSig TreeImpl, HostnameRegexpSig<TreeImpl> Specific> {
+  private import TreeImpl
+
+  /**
+   * Holds if the given constant is unlikely to occur in the origin part of a URL.
+   */
+  predicate isConstantInvalidInsideOrigin(RegExpConstant term) {
+    // Look for any of these cases:
+    // - A character that can't occur in the origin
+    // - Two dashes in a row
+    // - A colon that is not part of port or scheme separator
+    // - A slash that is not part of scheme separator
+    term.getValue().regexpMatch(".*(?:[^a-zA-Z0-9.:/-]|--|:[^0-9/]|(?<![/:]|^)/).*")
+  }
+
+  /** Holds if `term` is a dot constant of form `\.` or `[.]`. */
+  predicate isDotConstant(RegExpTerm term) {
+    term.(RegExpCharEscape).getValue() = "."
+    or
+    exists(RegExpCharacterClass cls |
+      term = cls and
+      not cls.isInverted() and
+      cls.getNumChild() = 1 and
+      cls.getAChild().(RegExpConstant).getValue() = "."
+    )
+  }
+
+  /** Holds if `term` is a wildcard `.` or an actual `.` character. */
+  predicate isDotLike(RegExpTerm term) {
+    term instanceof RegExpDot
+    or
+    isDotConstant(term)
+  }
+
+  /** Holds if `term` will only ever be matched against the beginning of the input. */
+  predicate matchesBeginningOfString(RegExpTerm term) {
+    term.isRootTerm()
+    or
+    exists(RegExpTerm parent | matchesBeginningOfString(parent) |
+      term = parent.(RegExpSequence).getChild(0)
+      or
+      parent.(RegExpSequence).getChild(0) instanceof RegExpCaret and
+      term = parent.(RegExpSequence).getChild(1)
+      or
+      term = parent.(RegExpAlt).getAChild()
+      or
+      term = parent.(RegExpGroup).getAChild()
+    )
+  }
+
+  /**
+   * Holds if the given sequence `seq` contains top-level domain preceded by a dot, such as `.com`,
+   * excluding cases where this is at the very beginning of the regexp.
+   *
+   * `i` is bound to the index of the last child in the top-level domain part.
+   */
+  predicate hasTopLevelDomainEnding(RegExpSequence seq, int i) {
+    seq.getChild(i)
+        .(RegExpConstant)
+        .getValue()
+        .regexpMatch("(?i)" + Specific::getACommonTld() + "(:\\d+)?([/?#].*)?") and
+    isDotLike(seq.getChild(i - 1)) and
+    not (i = 1 and matchesBeginningOfString(seq))
+  }
+
+  /**
+   * Holds if the given regular expression term contains top-level domain preceded by a dot,
+   * such as `.com`.
+   */
+  predicate hasTopLevelDomainEnding(RegExpSequence seq) { hasTopLevelDomainEnding(seq, _) }
+
+  /**
+   * Holds if `term` will always match a hostname, that is, all disjunctions contain
+   * a hostname pattern that isn't inside a quantifier.
+   */
+  predicate alwaysMatchesHostname(RegExpTerm term) {
+    hasTopLevelDomainEnding(term, _)
+    or
+    // `localhost` is considered a hostname pattern, but has no TLD
+    term.(RegExpConstant).getValue().regexpMatch("\\blocalhost\\b")
+    or
+    not term instanceof RegExpAlt and
+    not term instanceof RegExpQuantifier and
+    alwaysMatchesHostname(term.getAChild())
+    or
+    alwaysMatchesHostnameAlt(term)
+  }
+
+  /** Holds if every child of `alt` contains a hostname pattern. */
+  predicate alwaysMatchesHostnameAlt(RegExpAlt alt) {
+    alwaysMatchesHostnameAlt(alt, alt.getNumChild() - 1)
+  }
+
+  /**
+   * Holds if the first `i` children of `alt` contains a hostname pattern.
+   *
+   * This is used instead of `forall` to avoid materializing the set of alternatives
+   * that don't contains hostnames, which is much larger.
+   */
+  predicate alwaysMatchesHostnameAlt(RegExpAlt alt, int i) {
+    alwaysMatchesHostname(alt.getChild(0)) and i = 0
+    or
+    alwaysMatchesHostnameAlt(alt, i - 1) and
+    alwaysMatchesHostname(alt.getChild(i))
+  }
+
+  /**
+   * Holds if `term` occurs inside a quantifier or alternative (and thus
+   * can not be expected to correspond to a unique match), or as part of
+   * a lookaround assertion (which are rarely used for capture groups).
+   */
+  predicate isInsideChoiceOrSubPattern(RegExpTerm term) {
+    exists(RegExpParent parent | parent = term.getParent() |
+      parent instanceof RegExpAlt
+      or
+      parent instanceof RegExpQuantifier
+      or
+      parent instanceof RegExpSubPattern
+      or
+      isInsideChoiceOrSubPattern(parent)
+    )
+  }
+
+  /**
+   * Holds if `group` is likely to be used as a capture group.
+   */
+  predicate isLikelyCaptureGroup(RegExpGroup group) {
+    group.isCapture() and
+    not isInsideChoiceOrSubPattern(group)
+  }
+
+  /**
+   * Holds if `seq` contains two consecutive dots `..` or escaped dots.
+   *
+   * At least one of these dots is not intended to be a subdomain separator,
+   * so we avoid flagging the pattern in this case.
+   */
+  predicate hasConsecutiveDots(RegExpSequence seq) {
+    exists(int i |
+      isDotLike(seq.getChild(i)) and
+      isDotLike(seq.getChild(i + 1))
+    )
+  }
+
+  private predicate isIncompleteHostNameRegExpPattern(
+    RegExpTerm regexp, RegExpSequence seq, string msg
+  ) {
+    seq = regexp.getAChild*() and
+    exists(RegExpDot unescapedDot, int i, string hostname |
+      hasTopLevelDomainEnding(seq, i) and
+      not isConstantInvalidInsideOrigin(seq.getChild([0 .. i - 1]).getAChild*()) and
+      not isLikelyCaptureGroup(seq.getChild([i .. seq.getNumChild() - 1]).getAChild*()) and
+      unescapedDot = seq.getChild([0 .. i - 1]).getAChild*() and
+      unescapedDot != seq.getChild(i - 1) and // Should not be the '.' immediately before the TLD
+      not hasConsecutiveDots(unescapedDot.getParent()) and
+      hostname =
+        seq.getChild(i - 2).getRawValue() + seq.getChild(i - 1).getRawValue() +
+          seq.getChild(i).getRawValue()
+    |
+      if unescapedDot.getParent() instanceof RegExpQuantifier
+      then
+        // `.*\.example.com` can match `evil.com/?x=.example.com`
+        //
+        // This problem only occurs when the pattern is applied against a full URL, not just a hostname/origin.
+        // We therefore check if the pattern includes a suffix after the TLD, such as `.*\.example.com/`.
+        // Note that a post-anchored pattern (`.*\.example.com$`) will usually fail to match a full URL,
+        // and patterns with neither a suffix nor an anchor fall under the purview of MissingRegExpAnchor.
+        seq.getChild(0) instanceof RegExpCaret and
+        not seq.getAChild() instanceof RegExpDollar and
+        seq.getChild([i .. i + 1]).(RegExpConstant).getValue().regexpMatch(".*[/?#].*") and
+        msg =
+          "has an unrestricted wildcard '" +
+            unescapedDot.getParent().(RegExpQuantifier).getRawValue() + "' which may cause '" +
+            hostname + "' to be matched anywhere in the URL, outside the hostname."
+      else
+        msg =
+          "has an unescaped '.' before '" + hostname +
+            "', so it might match more hosts than expected."
+    )
+  }
+
+  /**
+   * Holds if `regexp` is a regular expression that is likely to match a hostname,
+   * but the pattern is incomplete and may match more hosts than intended.
+   */
+  predicate incompleteHostnameRegExp(
+    RegExpSequence hostSequence, string message, Specific::DataFlowNode aux, string label
+  ) {
+    exists(Specific::RegExpPatternSource re, RegExpTerm regexp, string msg, string kind |
+      regexp = re.getRegExpTerm() and
+      isIncompleteHostNameRegExpPattern(regexp, hostSequence, msg) and
+      (
+        if re.getAParse() != re
+        then (
+          kind = "string, which is used as a regular expression $@," and
+          aux = re.getAParse()
+        ) else (
+          kind = "regular expression" and aux = re
+        )
+      )
+    |
+      message = "This " + kind + " " + msg and label = "here"
+    )
+  }
+
+  /** Holds if `term` is one of the transitive left children of a regexp. */
+  predicate isLeftArmTerm(RegExpTerm term) {
+    term.isRootTerm()
+    or
+    exists(RegExpTerm parent |
+      term = parent.getChild(0) and
+      isLeftArmTerm(parent)
+    )
+  }
+
+  /** Holds if `term` is one of the transitive right children of a regexp. */
+  predicate isRightArmTerm(RegExpTerm term) {
+    term.isRootTerm()
+    or
+    exists(RegExpTerm parent |
+      term = getLastChild(parent) and
+      isRightArmTerm(parent)
+    )
+  }
+
+  private RegExpTerm getLastChild(RegExpTerm parent) {
+    result = max(RegExpTerm child, int i | child = parent.getChild(i) | child order by i)
+  }
+}
diff --git a/shared/regex/codeql/regex/RegexTreeView.qll b/shared/regex/codeql/regex/RegexTreeView.qll
index f805bd83185..89beff34359 100644
--- a/shared/regex/codeql/regex/RegexTreeView.qll
+++ b/shared/regex/codeql/regex/RegexTreeView.qll
@@ -210,6 +210,9 @@ signature module RegexTreeViewSig {
      * not a capture group.
      */
     int getNumber();
+
+    /** Holds if this is a capture group. */
+    predicate isCapture();
   }
 
   /**
@@ -325,6 +328,20 @@ signature module RegexTreeViewSig {
     predicate isCharacter();
   }
 
+  /**
+   * A character escape in a regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * \.
+   * ```
+   */
+  class RegExpCharEscape extends RegExpEscape {
+    /** Gets the string matched by this term. */
+    string getValue();
+  }
+
   /**
    * A character class in a regular expression.
    *

From 355499ea522b628dd727de768da0725d9ba32e83 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Thu, 15 Dec 2022 14:53:46 +0100
Subject: [PATCH 57/93] move `getACommonTld` to the shared pack

---
 javascript/ql/lib/semmle/javascript/Regexp.qll    |  5 +++--
 .../javascript/security/regexp/HostnameRegexp.qll |  2 --
 .../IncompleteUrlSubstringSanitization.qll        |  2 +-
 ...IncompleteUrlSubstringSanitizationSpecific.qll |  2 ++
 .../ql/lib/semmle/python/dataflow/new/Regexp.qll  |  5 +++--
 .../python/security/regexp/HostnameRegex.qll      |  2 --
 ruby/ql/lib/codeql/ruby/Regexp.qll                |  5 +++--
 .../ruby/security/regexp/HostnameRegexp.qll       |  2 --
 .../IncompleteUrlSubstringSanitization.qll        |  2 +-
 ...IncompleteUrlSubstringSanitizationSpecific.qll |  3 ++-
 shared/regex/codeql/regex/HostnameRegexp.qll      | 15 +++++++++------
 11 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/javascript/ql/lib/semmle/javascript/Regexp.qll b/javascript/ql/lib/semmle/javascript/Regexp.qll
index fc82929500b..a8ec9ac512f 100644
--- a/javascript/ql/lib/semmle/javascript/Regexp.qll
+++ b/javascript/ql/lib/semmle/javascript/Regexp.qll
@@ -999,11 +999,12 @@ predicate isInterpretedAsRegExp(DataFlow::Node source) {
 /**
  * Provides utility predicates related to regular expressions.
  */
-module RegExpPatterns {
+deprecated module RegExpPatterns {
   /**
    * Gets a pattern that matches common top-level domain names in lower case.
+   * DEPRECATED: use the similarly named predicate from `HostnameRegex` from the `regex` pack instead.
    */
-  string getACommonTld() {
+  deprecated string getACommonTld() {
     // according to ranking by http://google.com/search?q=site:.<<TLD>>
     result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
   }
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll b/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll
index 1922ad01bf1..4a09b7f402e 100644
--- a/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll
@@ -12,8 +12,6 @@ private module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
   class DataFlowNode = JS::DataFlow::Node;
 
   class RegExpPatternSource = RegExp::RegExpPatternSource;
-
-  string getACommonTld() { result = RegExp::RegExpPatterns::getACommonTld() }
 }
 
 import Shared::Make<TreeImpl, Impl>
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
index ca8b15eab29..f4405130898 100644
--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
@@ -31,7 +31,7 @@ query predicate problems(
   (
     // target contains a domain on a common TLD, and perhaps some other URL components
     target
-        .regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + RegExpPatterns::getACommonTld() +
+        .regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + HostnameRegexp::getACommonTld() +
             "(:[0-9]+)?/?")
     or
     // target is a HTTP URL to a domain on any TLD
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitizationSpecific.qll b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitizationSpecific.qll
index 2d0e9e3d458..30c71450c43 100644
--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitizationSpecific.qll
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitizationSpecific.qll
@@ -3,3 +3,5 @@ import semmle.javascript.dataflow.InferredTypes
 
 /** Holds if `node` may evaluate to `value` */
 predicate mayHaveStringValue(DataFlow::Node node, string value) { node.mayHaveStringValue(value) }
+
+import semmle.javascript.security.regexp.HostnameRegexp as HostnameRegexp
diff --git a/python/ql/lib/semmle/python/dataflow/new/Regexp.qll b/python/ql/lib/semmle/python/dataflow/new/Regexp.qll
index 2ecde8686c3..a518fc41f46 100644
--- a/python/ql/lib/semmle/python/dataflow/new/Regexp.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/Regexp.qll
@@ -9,11 +9,12 @@ private import semmle.python.dataflow.new.DataFlow
 /**
  * Provides utility predicates related to regular expressions.
  */
-module RegExpPatterns {
+deprecated module RegExpPatterns {
   /**
    * Gets a pattern that matches common top-level domain names in lower case.
+   * DEPRECATED: use the similarly named predicate from `HostnameRegex` from the `regex` pack instead.
    */
-  string getACommonTld() {
+  deprecated string getACommonTld() {
     // according to ranking by http://google.com/search?q=site:.<<TLD>>
     result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
   }
diff --git a/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll b/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll
index db0ab155b3e..1feffcc1087 100644
--- a/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll
+++ b/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll
@@ -13,8 +13,6 @@ private module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
   class DataFlowNode = DataFlow::Node;
 
   class RegExpPatternSource = Regexp::RegExpPatternSource;
-
-  string getACommonTld() { result = Regexp::RegExpPatterns::getACommonTld() }
 }
 
 import Shared::Make<TreeImpl, Impl>
diff --git a/ruby/ql/lib/codeql/ruby/Regexp.qll b/ruby/ql/lib/codeql/ruby/Regexp.qll
index 0d5760491f7..e235d92ed73 100644
--- a/ruby/ql/lib/codeql/ruby/Regexp.qll
+++ b/ruby/ql/lib/codeql/ruby/Regexp.qll
@@ -15,11 +15,12 @@ private import codeql.ruby.ApiGraphs
 /**
  * Provides utility predicates related to regular expressions.
  */
-module RegExpPatterns {
+deprecated module RegExpPatterns {
   /**
    * Gets a pattern that matches common top-level domain names in lower case.
+   * DEPRECATED: use the similarly named predicate from `HostnameRegex` from the `regex` pack instead.
    */
-  string getACommonTld() {
+  deprecated string getACommonTld() {
     // according to ranking by http://google.com/search?q=site:.<<TLD>>
     result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
   }
diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll b/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll
index 234cf1e9593..d9b19afeb69 100644
--- a/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll
+++ b/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll
@@ -12,8 +12,6 @@ private module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
   class DataFlowNode = DataFlow::Node;
 
   class RegExpPatternSource = Regexp::RegExpPatternSource;
-
-  string getACommonTld() { result = Regexp::RegExpPatterns::getACommonTld() }
 }
 
 import Shared::Make<TreeImpl, Impl>
diff --git a/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll b/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
index ca8b15eab29..f4405130898 100644
--- a/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
+++ b/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
@@ -31,7 +31,7 @@ query predicate problems(
   (
     // target contains a domain on a common TLD, and perhaps some other URL components
     target
-        .regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + RegExpPatterns::getACommonTld() +
+        .regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + HostnameRegexp::getACommonTld() +
             "(:[0-9]+)?/?")
     or
     // target is a HTTP URL to a domain on any TLD
diff --git a/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitizationSpecific.qll b/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitizationSpecific.qll
index de439d29c75..b0bbca30b90 100644
--- a/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitizationSpecific.qll
+++ b/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitizationSpecific.qll
@@ -1,8 +1,9 @@
 import codeql.ruby.DataFlow
 import codeql.ruby.StringOps
-import codeql.ruby.Regexp::RegExpPatterns as RegExpPatterns
 
 /** Holds if `node` may evaluate to `value` */
 predicate mayHaveStringValue(DataFlow::Node node, string value) {
   node.asExpr().getConstantValue().getString() = value
 }
+
+import codeql.ruby.security.regexp.HostnameRegexp as HostnameRegexp
diff --git a/shared/regex/codeql/regex/HostnameRegexp.qll b/shared/regex/codeql/regex/HostnameRegexp.qll
index 5370e6e18a9..b40a58ab849 100644
--- a/shared/regex/codeql/regex/HostnameRegexp.qll
+++ b/shared/regex/codeql/regex/HostnameRegexp.qll
@@ -10,11 +10,6 @@ private import RegexTreeView
  * analysis on regular expressions matching hostnames.
  */
 signature module HostnameRegexpSig<RegexTreeViewSig TreeImpl> {
-  /**
-   * Gets a pattern that matches common top-level domain names in lower case.
-   */
-  string getACommonTld();
-
   /** A node in the data-flow graph. */
   class DataFlowNode;
 
@@ -97,7 +92,7 @@ module Make<RegexTreeViewSig TreeImpl, HostnameRegexpSig<TreeImpl> Specific> {
     seq.getChild(i)
         .(RegExpConstant)
         .getValue()
-        .regexpMatch("(?i)" + Specific::getACommonTld() + "(:\\d+)?([/?#].*)?") and
+        .regexpMatch("(?i)" + getACommonTld() + "(:\\d+)?([/?#].*)?") and
     isDotLike(seq.getChild(i - 1)) and
     not (i = 1 and matchesBeginningOfString(seq))
   }
@@ -265,4 +260,12 @@ module Make<RegexTreeViewSig TreeImpl, HostnameRegexpSig<TreeImpl> Specific> {
   private RegExpTerm getLastChild(RegExpTerm parent) {
     result = max(RegExpTerm child, int i | child = parent.getChild(i) | child order by i)
   }
+
+  /**
+   * Gets a pattern that matches common top-level domain names in lower case.
+   */
+  string getACommonTld() {
+    // according to ranking by http://google.com/search?q=site:.<<TLD>>
+    result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
+  }
 }

From 26c5480ee6997388b6e516164b724212d398606d Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Thu, 15 Dec 2022 21:52:02 +0100
Subject: [PATCH 58/93] share {js,rb}/regex/missing-regexp-anchor

---
 .../semmle/code/java/regex/RegexTreeView.qll  |  29 ++-
 .../ql/lib/semmle/javascript/Regexp.qll       |   7 +
 .../security/regexp/HostnameRegexp.qll        |   3 +-
 .../Security/CWE-020/MissingRegExpAnchor.ql   | 191 ++-------------
 python/ql/lib/semmle/python/RegexTreeView.qll |  27 ++-
 .../lib/codeql/ruby/regexp/RegExpTreeView.qll |   4 +-
 .../ruby/security/regexp/HostnameRegexp.qll   |   3 +-
 .../security/cwe-020/MissingRegExpAnchor.ql   | 215 ++---------------
 .../codeql/regex/MissingRegExpAnchor.qll      | 225 ++++++++++++++++++
 shared/regex/codeql/regex/RegexTreeView.qll   |  26 +-
 10 files changed, 346 insertions(+), 384 deletions(-)
 create mode 100644 shared/regex/codeql/regex/MissingRegExpAnchor.qll

diff --git a/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll b/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
index d376f7d2388..c0711bb7fdc 100644
--- a/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
+++ b/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
@@ -85,6 +85,9 @@ module Impl implements RegexTreeViewSig {
 
     /** Gets the associated regex. */
     abstract Regex getRegex();
+
+    /** Gets the last child term of this element. */
+    RegExpTerm getLastChild() { result = this.getChild(this.getNumChild() - 1) }
   }
 
   /**
@@ -567,6 +570,13 @@ module Impl implements RegexTreeViewSig {
     RegExpWordBoundary() { this.getChar() = "\\b" }
   }
 
+  /**
+   * A non-word boundary, that is, a regular expression term of the form `\B`.
+   */
+  class RegExpNonWordBoundary extends RegExpSpecialChar {
+    RegExpNonWordBoundary() { this.getChar() = "\\B" }
+  }
+
   /**
    * Gets the hex number for the `hex` char.
    */
@@ -922,6 +932,21 @@ module Impl implements RegexTreeViewSig {
     override string getPrimaryQLClass() { result = "RegExpDot" }
   }
 
+  /**
+   * A term that matches a specific position between characters in the string.
+   *
+   * Example:
+   *
+   * ```
+   * ^
+   * ```
+   */
+  class RegExpAnchor extends RegExpSpecialChar {
+    RegExpAnchor() { this.getChar() = ["$", "^"] }
+
+    override string getPrimaryQLClass() { result = "RegExpAnchor" }
+  }
+
   /**
    * A dollar assertion `$` matching the end of a line.
    *
@@ -931,7 +956,7 @@ module Impl implements RegexTreeViewSig {
    * $
    * ```
    */
-  class RegExpDollar extends RegExpSpecialChar {
+  class RegExpDollar extends RegExpAnchor {
     RegExpDollar() { this.getChar() = "$" }
 
     override string getPrimaryQLClass() { result = "RegExpDollar" }
@@ -946,7 +971,7 @@ module Impl implements RegexTreeViewSig {
    * ^
    * ```
    */
-  class RegExpCaret extends RegExpSpecialChar {
+  class RegExpCaret extends RegExpAnchor {
     RegExpCaret() { this.getChar() = "^" }
 
     override string getPrimaryQLClass() { result = "RegExpCaret" }
diff --git a/javascript/ql/lib/semmle/javascript/Regexp.qll b/javascript/ql/lib/semmle/javascript/Regexp.qll
index a8ec9ac512f..9cef1455746 100644
--- a/javascript/ql/lib/semmle/javascript/Regexp.qll
+++ b/javascript/ql/lib/semmle/javascript/Regexp.qll
@@ -366,6 +366,9 @@ class RegExpAnchor extends RegExpTerm, @regexp_anchor {
   override predicate isNullable() { any() }
 
   override string getAPrimaryQlClass() { result = "RegExpAnchor" }
+
+  /** Gets the char for this term. */
+  abstract string getChar();
 }
 
 /**
@@ -379,6 +382,8 @@ class RegExpAnchor extends RegExpTerm, @regexp_anchor {
  */
 class RegExpCaret extends RegExpAnchor, @regexp_caret {
   override string getAPrimaryQlClass() { result = "RegExpCaret" }
+
+  override string getChar() { result = "^" }
 }
 
 /**
@@ -392,6 +397,8 @@ class RegExpCaret extends RegExpAnchor, @regexp_caret {
  */
 class RegExpDollar extends RegExpAnchor, @regexp_dollar {
   override string getAPrimaryQlClass() { result = "RegExpDollar" }
+
+  override string getChar() { result = "$" }
 }
 
 /**
diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll b/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll
index 4a09b7f402e..c9853ce35f1 100644
--- a/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll
+++ b/javascript/ql/lib/semmle/javascript/security/regexp/HostnameRegexp.qll
@@ -8,7 +8,8 @@ private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView
 private import semmle.javascript.Regexp as RegExp
 private import codeql.regex.HostnameRegexp as Shared
 
-private module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
+/** An implementation of the signature that allows the Hostname analysis to run. */
+module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
   class DataFlowNode = JS::DataFlow::Node;
 
   class RegExpPatternSource = RegExp::RegExpPatternSource;
diff --git a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
index 504739a68ae..abebc5943de 100644
--- a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
+++ b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
@@ -12,194 +12,38 @@
  */
 
 private import javascript
-private import semmle.javascript.security.regexp.HostnameRegexp
+private import semmle.javascript.security.regexp.HostnameRegexp as HostnameRegexp
+private import codeql.regex.MissingRegExpAnchor as MissingRegExpAnchor
+private import semmle.javascript.security.regexp.RegExpTreeView::RegExpTreeView as TreeImpl
 
-// TODO: Share the below code.
-/**
- * Holds if `term` is an anchor that is not the first or last node
- * in its tree.
- */
-predicate isInteriorAnchor(RegExpAnchor term) {
-  not isLeftArmTerm(term) and
-  not isRightArmTerm(term)
-}
-
-/**
- * Holds if `term` contains an anchor that is not the first or last node
- * in its tree, such as `(foo|bar$|baz)`.
- */
-predicate containsInteriorAnchor(RegExpTerm term) { isInteriorAnchor(term.getAChild*()) }
-
-/**
- * Holds if `term` starts with a word boundary or lookbehind assertion,
- * indicating that it's not intended to be anchored on that side.
- */
-predicate containsLeadingPseudoAnchor(RegExpSequence term) {
-  exists(RegExpTerm child | child = term.getChild(0) |
-    child instanceof RegExpWordBoundary or
-    child instanceof RegExpNonWordBoundary or
-    child instanceof RegExpLookbehind
-  )
-}
-
-/**
- * Holds if `term` ends with a word boundary or lookahead assertion,
- * indicating that it's not intended to be anchored on that side.
- */
-predicate containsTrailingPseudoAnchor(RegExpSequence term) {
-  exists(RegExpTerm child | child = term.getLastChild() |
-    child instanceof RegExpWordBoundary or
-    child instanceof RegExpNonWordBoundary or
-    child instanceof RegExpLookahead
-  )
-}
-
-/**
- * Holds if `term` is an empty sequence, usually arising from
- * literals with a trailing alternative such as `foo|`.
- */
-predicate isEmpty(RegExpSequence term) { term.getNumChild() = 0 }
-
-/**
- * Holds if `term` contains a letter constant.
- *
- * We use this as a heuristic to filter out uninteresting results.
- */
-predicate containsLetters(RegExpTerm term) {
-  term.getAChild*().(RegExpConstant).getValue().regexpMatch(".*[a-zA-Z].*")
-}
-
-/**
- * Holds if `term` consists only of an anchor and a parenthesized term,
- * such as the left side of `^(foo|bar)|baz`.
- *
- * The precedence of the anchor is likely to be intentional in this case,
- * as the group wouldn't be needed otherwise.
- */
-predicate isAnchoredGroup(RegExpSequence term) {
-  term.getNumChild() = 2 and
-  term.getAChild() instanceof RegExpAnchor and
-  term.getAChild() instanceof RegExpGroup
-}
-
-/**
- * Holds if `alt` has an explicitly anchored group, such as `^(foo|bar)|baz`
- * and doesn't have any unnecessary groups, such as in `^(foo)|(bar)`.
- */
-predicate hasExplicitAnchorPrecedence(RegExpAlt alt) {
-  isAnchoredGroup(alt.getAChild()) and
-  not alt.getAChild() instanceof RegExpGroup
-}
-
-/**
- * Holds if `src` is a pattern for a collection of alternatives where
- * only the first or last alternative is anchored, indicating a
- * precedence mistake explained by `msg`.
- *
- * The canonical example of such a mistake is: `^a|b|c`, which is
- * parsed as `(^a)|(b)|(c)`.
- */
-predicate hasMisleadingAnchorPrecedence(RegExpPatternSource src, string msg) {
-  exists(RegExpAlt root, RegExpSequence anchoredTerm, string direction |
-    root = src.getRegExpTerm() and
-    not containsInteriorAnchor(root) and
-    not isEmpty(root.getAChild()) and
-    not hasExplicitAnchorPrecedence(root) and
-    containsLetters(anchoredTerm) and
-    (
-      anchoredTerm = root.getChild(0) and
-      anchoredTerm.getChild(0) instanceof RegExpCaret and
-      not containsLeadingPseudoAnchor(root.getChild([1 .. root.getNumChild() - 1])) and
-      containsLetters(root.getChild([1 .. root.getNumChild() - 1])) and
-      direction = "beginning"
-      or
-      anchoredTerm = root.getLastChild() and
-      anchoredTerm.getLastChild() instanceof RegExpDollar and
-      not containsTrailingPseudoAnchor(root.getChild([0 .. root.getNumChild() - 2])) and
-      containsLetters(root.getChild([0 .. root.getNumChild() - 2])) and
-      direction = "end"
-    ) and
-    // is not used for replace
-    not exists(DataFlow::MethodCallNode replace |
-      replace.getMethodName() = "replace" and
-      src.getARegExpObject().flowsTo(replace.getArgument(0))
-    ) and
-    msg =
-      "Misleading operator precedence. The subexpression '" + anchoredTerm.getRawValue() +
-        "' is anchored at the " + direction +
-        ", but the other parts of this regular expression are not"
-  )
-}
-
-/**
- * Holds if `term` is a final term, that is, no term will match anything after this one.
- */
-predicate isFinalRegExpTerm(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpSequence seq |
-    isFinalRegExpTerm(seq) and
-    term = seq.getLastChild()
-  )
-  or
-  exists(RegExpTerm parent |
-    isFinalRegExpTerm(parent) and
-    term = parent.getAChild() and
-    not parent instanceof RegExpSequence and
-    not parent instanceof RegExpQuantifier
-  )
-}
-
-/**
- * Holds if `src` contains a hostname pattern that is missing a `$` anchor.
- */
-predicate isSemiAnchoredHostnameRegExp(RegExpPatternSource src, string msg) {
-  not hasMisleadingAnchorPrecedence(src, _) and // avoid double reporting
-  exists(RegExpTerm term, RegExpSequence tld, int i | term = src.getRegExpTerm() |
-    not isConstantInvalidInsideOrigin(term.getAChild*()) and
-    tld = term.getAChild*() and
-    hasTopLevelDomainEnding(tld, i) and
-    isFinalRegExpTerm(tld.getChild(i)) and // nothing is matched after the TLD
-    tld.getChild(0) instanceof RegExpCaret and
-    msg =
-      "This hostname pattern may match any domain name, as it is missing a '$' or '/' at the end."
-  )
-}
-
-/**
- * Holds if `src` is an unanchored pattern for a URL, indicating a
- * mistake explained by `msg`.
- */
-predicate isUnanchoredHostnameRegExp(RegExpPatternSource src, string msg) {
-  exists(RegExpTerm term, RegExpSequence tld | term = src.getRegExpTerm() |
-    alwaysMatchesHostname(term) and
-    tld = term.getAChild*() and
-    hasTopLevelDomainEnding(tld) and
-    not isConstantInvalidInsideOrigin(term.getAChild*()) and
-    not term.getAChild*() instanceof RegExpAnchor and
-    // that is not used for capture or replace
-    not exists(DataFlow::MethodCallNode mcn, string name | name = mcn.getMethodName() |
+private module Impl implements
+MissingRegExpAnchor::MissingRegExpAnchorSig<TreeImpl, HostnameRegexp::Impl> {
+  predicate isUsedAsReplace(RegExpPatternSource pattern) {
+    // is used for capture or replace
+    exists(DataFlow::MethodCallNode mcn, string name | name = mcn.getMethodName() |
       name = "exec" and
-      mcn = src.getARegExpObject().getAMethodCall() and
+      mcn = pattern.getARegExpObject().getAMethodCall() and
       exists(mcn.getAPropertyRead())
       or
       exists(DataFlow::Node arg |
         arg = mcn.getArgument(0) and
         (
-          src.getARegExpObject().flowsTo(arg) or
-          src.getAParse() = arg
+          pattern.getARegExpObject().flowsTo(arg) or
+          pattern.getAParse() = arg
         )
       |
         name = "replace"
         or
         name = "match" and exists(mcn.getAPropertyRead())
       )
-    ) and
-    msg =
-      "When this is used as a regular expression on a URL, it may match anywhere, and arbitrary hosts may come before or after it."
-  )
+    )
+  }
+
+  string getEndAnchorText() { result = "$" }
 }
 
+import MissingRegExpAnchor::Make<TreeImpl, HostnameRegexp::Impl, Impl>
+
 from DataFlow::Node nd, string msg
 where
   isUnanchoredHostnameRegExp(nd, msg)
@@ -207,4 +51,5 @@ where
   isSemiAnchoredHostnameRegExp(nd, msg)
   or
   hasMisleadingAnchorPrecedence(nd, msg)
+// isLineAnchoredHostnameRegExp is not used here, as it is not relevant to JS.
 select nd, msg
diff --git a/python/ql/lib/semmle/python/RegexTreeView.qll b/python/ql/lib/semmle/python/RegexTreeView.qll
index 5be80d94ec4..cdc1ca3adc2 100644
--- a/python/ql/lib/semmle/python/RegexTreeView.qll
+++ b/python/ql/lib/semmle/python/RegexTreeView.qll
@@ -102,6 +102,9 @@ module Impl implements RegexTreeViewSig {
     /** Gets the number of child terms. */
     int getNumChild() { result = count(this.getAChild()) }
 
+    /** Gets the last child term of this element. */
+    RegExpTerm getLastChild() { result = this.getChild(this.getNumChild() - 1) }
+
     /** Gets the associated regex. */
     abstract Regex getRegex();
   }
@@ -561,6 +564,13 @@ module Impl implements RegexTreeViewSig {
     RegExpWordBoundary() { this.getChar() = "\\b" }
   }
 
+  /**
+   * A non-word boundary, that is, a regular expression term of the form `\B`.
+   */
+  class RegExpNonWordBoundary extends RegExpSpecialChar {
+    RegExpNonWordBoundary() { this.getChar() = "\\B" }
+  }
+
   /**
    * A character class escape in a regular expression.
    * That is, an escaped character that denotes multiple characters.
@@ -829,6 +839,19 @@ module Impl implements RegexTreeViewSig {
     override string getPrimaryQLClass() { result = "RegExpDot" }
   }
 
+  /**
+   * A term that matches a specific position between characters in the string.
+   *
+   * Example:
+   *
+   * ```
+   * \A
+   * ```
+   */
+  class RegExpAnchor extends RegExpSpecialChar {
+    RegExpAnchor() { this.getChar() = ["^", "$"] }
+  }
+
   /**
    * A dollar assertion `$` or `\Z` matching the end of a line.
    *
@@ -838,7 +861,7 @@ module Impl implements RegexTreeViewSig {
    * $
    * ```
    */
-  class RegExpDollar extends RegExpSpecialChar {
+  class RegExpDollar extends RegExpAnchor {
     RegExpDollar() { this.getChar() = ["$", "\\Z"] }
 
     override string getPrimaryQLClass() { result = "RegExpDollar" }
@@ -853,7 +876,7 @@ module Impl implements RegexTreeViewSig {
    * ^
    * ```
    */
-  class RegExpCaret extends RegExpSpecialChar {
+  class RegExpCaret extends RegExpAnchor {
     RegExpCaret() { this.getChar() = ["^", "\\A"] }
 
     override string getPrimaryQLClass() { result = "RegExpCaret" }
diff --git a/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll b/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll
index 3f56d3f59b0..b11efbdd268 100644
--- a/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll
+++ b/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll
@@ -620,7 +620,7 @@ private module Impl implements RegexTreeViewSig {
   /**
    * A non-word boundary, that is, a regular expression term of the form `\B`.
    */
-  additional class RegExpNonWordBoundary extends RegExpSpecialChar {
+  class RegExpNonWordBoundary extends RegExpSpecialChar {
     RegExpNonWordBoundary() { this.getChar() = "\\B" }
 
     override string getAPrimaryQlClass() { result = "RegExpNonWordBoundary" }
@@ -926,7 +926,7 @@ private module Impl implements RegexTreeViewSig {
    * \A
    * ```
    */
-  additional class RegExpAnchor extends RegExpSpecialChar {
+  class RegExpAnchor extends RegExpSpecialChar {
     RegExpAnchor() { this.getChar() = ["^", "$", "\\A", "\\Z", "\\z"] }
 
     override string getAPrimaryQlClass() { result = "RegExpAnchor" }
diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll b/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll
index d9b19afeb69..88e07527bb7 100644
--- a/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll
+++ b/ruby/ql/lib/codeql/ruby/security/regexp/HostnameRegexp.qll
@@ -8,7 +8,8 @@ private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeImpl
 private import codeql.ruby.Regexp as Regexp
 private import codeql.regex.HostnameRegexp as Shared
 
-private module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
+/** An implementation of the signature that allows the Hostname analysis to run. */
+module Impl implements Shared::HostnameRegexpSig<TreeImpl> {
   class DataFlowNode = DataFlow::Node;
 
   class RegExpPatternSource = Regexp::RegExpPatternSource;
diff --git a/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql b/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql
index e39fb9d4f67..afbef214159 100644
--- a/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql
+++ b/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql
@@ -14,216 +14,29 @@
 import codeql.ruby.DataFlow
 import codeql.ruby.regexp.RegExpTreeView
 import codeql.ruby.Regexp
-private import codeql.ruby.security.regexp.HostnameRegexp
+private import codeql.ruby.security.regexp.HostnameRegexp as HostnameRegexp
+private import codeql.regex.MissingRegExpAnchor as MissingRegExpAnchor
+private import codeql.ruby.regexp.RegExpTreeView::RegexTreeView as TreeImpl
 
-/**
- * Holds if `term` is a final term, that is, no term will match anything after this one.
- */
-predicate isFinalRegExpTerm(RegExpTerm term) {
-  term.isRootTerm()
-  or
-  exists(RegExpSequence seq |
-    isFinalRegExpTerm(seq) and
-    term = seq.getLastChild()
-  )
-  or
-  exists(RegExpTerm parent |
-    isFinalRegExpTerm(parent) and
-    term = parent.getAChild() and
-    not parent instanceof RegExpSequence and
-    not parent instanceof RegExpQuantifier
-  )
-}
-
-/**
- * Holds if `term` is an anchor that is not the first or last node
- * in its tree.
- */
-predicate isInteriorAnchor(RegExpAnchor term) {
-  not isLeftArmTerm(term) and
-  not isRightArmTerm(term)
-}
-
-/**
- * Holds if `term` contains an anchor that is not the first or last node
- * in its tree, such as `(foo|bar$|baz)`.
- */
-predicate containsInteriorAnchor(RegExpTerm term) { isInteriorAnchor(term.getAChild*()) }
-
-/**
- * Holds if `term` starts with a word boundary or lookbehind assertion,
- * indicating that it's not intended to be anchored on that side.
- */
-predicate containsLeadingPseudoAnchor(RegExpSequence term) {
-  exists(RegExpTerm child | child = term.getChild(0) |
-    child instanceof RegExpWordBoundary or
-    child instanceof RegExpNonWordBoundary or
-    child instanceof RegExpLookbehind
-  )
-}
-
-/**
- * Holds if `term` ends with a word boundary or lookahead assertion,
- * indicating that it's not intended to be anchored on that side.
- */
-predicate containsTrailingPseudoAnchor(RegExpSequence term) {
-  exists(RegExpTerm child | child = term.getLastChild() |
-    child instanceof RegExpWordBoundary or
-    child instanceof RegExpNonWordBoundary or
-    child instanceof RegExpLookahead
-  )
-}
-
-/**
- * Holds if `term` is an empty sequence, usually arising from
- * literals with a trailing alternative such as `foo|`.
- */
-predicate isEmpty(RegExpSequence term) { term.getNumChild() = 0 }
-
-/**
- * Holds if `term` contains a letter constant.
- *
- * We use this as a heuristic to filter out uninteresting results.
- */
-predicate containsLetters(RegExpTerm term) {
-  term.getAChild*().(RegExpConstant).getValue().regexpMatch(".*[a-zA-Z].*")
-}
-
-/**
- * Holds if `alt` has an explicitly anchored group, such as `^(foo|bar)|baz`
- * and doesn't have any unnecessary groups, such as in `^(foo)|(bar)`.
- */
-predicate hasExplicitAnchorPrecedence(RegExpAlt alt) {
-  isAnchoredGroup(alt.getAChild()) and
-  not alt.getAChild() instanceof RegExpGroup
-}
-
-/**
- * Holds if `term` consists only of an anchor and a parenthesized term,
- * such as the left side of `^(foo|bar)|baz`.
- *
- * The precedence of the anchor is likely to be intentional in this case,
- * as the group wouldn't be needed otherwise.
- */
-predicate isAnchoredGroup(RegExpSequence term) {
-  term.getNumChild() = 2 and
-  term.getAChild() instanceof RegExpAnchor and
-  term.getAChild() instanceof RegExpGroup
-}
-
-/**
- * Holds if `src` is a pattern for a collection of alternatives where
- * only the first or last alternative is anchored, indicating a
- * precedence mistake explained by `msg`.
- *
- * The canonical example of such a mistake is: `^a|b|c`, which is
- * parsed as `(^a)|(b)|(c)`.
- */
-predicate hasMisleadingAnchorPrecedence(RegExpPatternSource src, string msg) {
-  exists(RegExpAlt root, RegExpSequence anchoredTerm, string direction |
-    root = src.getRegExpTerm() and
-    not containsInteriorAnchor(root) and
-    not isEmpty(root.getAChild()) and
-    not hasExplicitAnchorPrecedence(root) and
-    containsLetters(anchoredTerm) and
-    (
-      anchoredTerm = root.getChild(0) and
-      anchoredTerm.getChild(0) instanceof RegExpCaret and
-      not containsLeadingPseudoAnchor(root.getChild([1 .. root.getNumChild() - 1])) and
-      containsLetters(root.getChild([1 .. root.getNumChild() - 1])) and
-      direction = "beginning"
-      or
-      anchoredTerm = root.getLastChild() and
-      anchoredTerm.getLastChild() instanceof RegExpDollar and
-      not containsTrailingPseudoAnchor(root.getChild([0 .. root.getNumChild() - 2])) and
-      containsLetters(root.getChild([0 .. root.getNumChild() - 2])) and
-      direction = "end"
-    ) and
-    // that is not used for string replacement
-    not exists(DataFlow::CallNode mcn, DataFlow::Node arg, string name |
+private module Impl implements
+MissingRegExpAnchor::MissingRegExpAnchorSig<TreeImpl, HostnameRegexp::Impl> {
+  predicate isUsedAsReplace(RegExpPatternSource pattern) {
+    exists(DataFlow::CallNode mcn, DataFlow::Node arg, string name |
       name = mcn.getMethodName() and
       arg = mcn.getArgument(0)
     |
       (
-        src.getAParse().(DataFlow::LocalSourceNode).flowsTo(arg) or
-        src.getAParse() = arg
+        pattern.getAParse().(DataFlow::LocalSourceNode).flowsTo(arg) or
+        pattern.getAParse() = arg
       ) and
       name = ["sub", "sub!", "gsub", "gsub!"]
-    ) and
-    msg =
-      "Misleading operator precedence. The subexpression '" + anchoredTerm.getRawValue() +
-        "' is anchored at the " + direction +
-        ", but the other parts of this regular expression are not"
-  )
+    )
+  }
+
+  string getEndAnchorText() { result = "\\z" }
 }
 
-/**
- * Holds if `src` contains a hostname pattern that uses the `^/$` line anchors
- * rather than `\A/\z` which match the start/end of the whole string.
- */
-predicate isLineAnchoredHostnameRegExp(RegExpPatternSource src, string msg) {
-  // TODO: <- this one is Ruby specific.
-  // avoid double reporting
-  not (
-    isSemiAnchoredHostnameRegExp(src, _) or
-    hasMisleadingAnchorPrecedence(src, _)
-  ) and
-  exists(RegExpTerm term, RegExpSequence tld, int i | term = src.getRegExpTerm() |
-    not isConstantInvalidInsideOrigin(term.getAChild*()) and
-    tld = term.getAChild*() and
-    hasTopLevelDomainEnding(tld, i) and
-    isFinalRegExpTerm(tld.getChild(i)) and // nothing is matched after the TLD
-    (
-      tld.getChild(0).(RegExpCaret).getChar() = "^" or
-      tld.getLastChild().(RegExpDollar).getChar() = "$"
-    ) and
-    msg =
-      "This hostname pattern uses anchors such as '^' and '$', which match the start and end of a line, not the whole string. Use '\\A' and '\\z' instead."
-  )
-}
-
-/**
- * Holds if `src` contains a hostname pattern that is missing a `$` anchor.
- */
-predicate isSemiAnchoredHostnameRegExp(RegExpPatternSource src, string msg) {
-  not hasMisleadingAnchorPrecedence(src, _) and // avoid double reporting
-  exists(RegExpTerm term, RegExpSequence tld, int i | term = src.getRegExpTerm() |
-    not isConstantInvalidInsideOrigin(term.getAChild*()) and
-    tld = term.getAChild*() and
-    hasTopLevelDomainEnding(tld, i) and
-    isFinalRegExpTerm(tld.getChild(i)) and // nothing is matched after the TLD
-    tld.getChild(0) instanceof RegExpCaret and
-    msg =
-      "This hostname pattern may match any domain name, as it is missing a '\\z' or '/' at the end."
-  )
-}
-
-/**
- * Holds if `src` is an unanchored pattern for a URL, indicating a
- * mistake explained by `msg`.
- */
-predicate isUnanchoredHostnameRegExp(RegExpPatternSource src, string msg) {
-  exists(RegExpTerm term, RegExpSequence tld | term = src.getRegExpTerm() |
-    alwaysMatchesHostname(term) and
-    tld = term.getAChild*() and
-    hasTopLevelDomainEnding(tld) and
-    not isConstantInvalidInsideOrigin(term.getAChild*()) and
-    not term.getAChild*() instanceof RegExpAnchor and
-    // that is not used for string replacement
-    not exists(DataFlow::CallNode mcn, DataFlow::Node arg, string name |
-      name = mcn.getMethodName() and
-      arg = mcn.getArgument(0)
-    |
-      (
-        src.getAParse().(DataFlow::LocalSourceNode).flowsTo(arg) or
-        src.getAParse() = arg
-      ) and
-      name = ["sub", "sub!", "gsub", "gsub!"]
-    ) and
-    msg =
-      "When this is used as a regular expression on a URL, it may match anywhere, and arbitrary hosts may come before or after it."
-  )
-}
+import MissingRegExpAnchor::Make<TreeImpl, HostnameRegexp::Impl, Impl>
 
 from DataFlow::Node nd, string msg
 where
diff --git a/shared/regex/codeql/regex/MissingRegExpAnchor.qll b/shared/regex/codeql/regex/MissingRegExpAnchor.qll
new file mode 100644
index 00000000000..cbb54c5b5ca
--- /dev/null
+++ b/shared/regex/codeql/regex/MissingRegExpAnchor.qll
@@ -0,0 +1,225 @@
+/**
+ * Provides predicates for reasoning about regular expressions
+ * without anchors.
+ */
+
+private import RegexTreeView
+import HostnameRegexp as HostnameShared
+
+/**
+ * A signature specifying the required parts to perform an
+ * analysis on regular expressions without anchors.
+ *
+ * This analysis requires the hostname analysis to be available.
+ */
+signature module MissingRegExpAnchorSig<
+RegexTreeViewSig TreeImpl, HostnameShared::HostnameRegexpSig<TreeImpl> Specific> {
+  predicate isUsedAsReplace(Specific::RegExpPatternSource pattern);
+
+  /** Gets a string representation of an end anchor from a regular expression. */
+  string getEndAnchorText();
+}
+
+/**
+ * Classes and predicates implementing an analysis on regular expressions
+ * without anchors.
+ */
+module Make<
+RegexTreeViewSig TreeImpl, HostnameShared::HostnameRegexpSig<TreeImpl> HostnameImpl,
+MissingRegExpAnchorSig<TreeImpl, HostnameImpl> Impl> {
+  private import TreeImpl
+  private import HostnameShared::Make<TreeImpl, HostnameImpl> as HostnameRegexp
+  private import HostnameImpl
+  private import Impl
+
+  /**
+   * Holds if `term` is a final term, that is, no term will match anything after this one.
+   */
+  predicate isFinalRegExpTerm(RegExpTerm term) {
+    term.isRootTerm()
+    or
+    exists(RegExpSequence seq |
+      isFinalRegExpTerm(seq) and
+      term = seq.getLastChild()
+    )
+    or
+    exists(RegExpTerm parent |
+      isFinalRegExpTerm(parent) and
+      term = parent.getAChild() and
+      not parent instanceof RegExpSequence and
+      not parent instanceof RegExpQuantifier
+    )
+  }
+
+  /**
+   * Holds if `term` is an anchor that is not the first or last node
+   * in its tree.
+   */
+  predicate isInteriorAnchor(RegExpAnchor term) {
+    not HostnameRegexp::isLeftArmTerm(term) and
+    not HostnameRegexp::isRightArmTerm(term)
+  }
+
+  /**
+   * Holds if `term` contains an anchor that is not the first or last node
+   * in its tree, such as `(foo|bar$|baz)`.
+   */
+  predicate containsInteriorAnchor(RegExpTerm term) { isInteriorAnchor(term.getAChild*()) }
+
+  /**
+   * Holds if `term` starts with a word boundary or lookbehind assertion,
+   * indicating that it's not intended to be anchored on that side.
+   */
+  predicate containsLeadingPseudoAnchor(RegExpSequence term) {
+    exists(RegExpTerm child | child = term.getChild(0) |
+      child instanceof RegExpWordBoundary or
+      child instanceof RegExpNonWordBoundary or
+      child instanceof RegExpLookbehind
+    )
+  }
+
+  /**
+   * Holds if `term` ends with a word boundary or lookahead assertion,
+   * indicating that it's not intended to be anchored on that side.
+   */
+  predicate containsTrailingPseudoAnchor(RegExpSequence term) {
+    exists(RegExpTerm child | child = term.getLastChild() |
+      child instanceof RegExpWordBoundary or
+      child instanceof RegExpNonWordBoundary or
+      child instanceof RegExpLookahead
+    )
+  }
+
+  /**
+   * Holds if `term` is an empty sequence, usually arising from
+   * literals with a trailing alternative such as `foo|`.
+   */
+  predicate isEmpty(RegExpSequence term) { term.getNumChild() = 0 }
+
+  /**
+   * Holds if `term` contains a letter constant.
+   *
+   * We use this as a heuristic to filter out uninteresting results.
+   */
+  predicate containsLetters(RegExpTerm term) {
+    term.getAChild*().(RegExpConstant).getValue().regexpMatch(".*[a-zA-Z].*")
+  }
+
+  /**
+   * Holds if `term` consists only of an anchor and a parenthesized term,
+   * such as the left side of `^(foo|bar)|baz`.
+   *
+   * The precedence of the anchor is likely to be intentional in this case,
+   * as the group wouldn't be needed otherwise.
+   */
+  predicate isAnchoredGroup(RegExpSequence term) {
+    term.getNumChild() = 2 and
+    term.getAChild() instanceof RegExpAnchor and
+    term.getAChild() instanceof RegExpGroup
+  }
+
+  /**
+   * Holds if `alt` has an explicitly anchored group, such as `^(foo|bar)|baz`
+   * and doesn't have any unnecessary groups, such as in `^(foo)|(bar)`.
+   */
+  predicate hasExplicitAnchorPrecedence(RegExpAlt alt) {
+    isAnchoredGroup(alt.getAChild()) and
+    not alt.getAChild() instanceof RegExpGroup
+  }
+
+  /**
+   * Holds if `src` is a pattern for a collection of alternatives where
+   * only the first or last alternative is anchored, indicating a
+   * precedence mistake explained by `msg`.
+   *
+   * The canonical example of such a mistake is: `^a|b|c`, which is
+   * parsed as `(^a)|(b)|(c)`.
+   */
+  predicate hasMisleadingAnchorPrecedence(RegExpPatternSource src, string msg) {
+    exists(RegExpAlt root, RegExpSequence anchoredTerm, string direction |
+      root = src.getRegExpTerm() and
+      not containsInteriorAnchor(root) and
+      not isEmpty(root.getAChild()) and
+      not hasExplicitAnchorPrecedence(root) and
+      containsLetters(anchoredTerm) and
+      (
+        anchoredTerm = root.getChild(0) and
+        anchoredTerm.getChild(0) instanceof RegExpCaret and
+        not containsLeadingPseudoAnchor(root.getChild([1 .. root.getNumChild() - 1])) and
+        containsLetters(root.getChild([1 .. root.getNumChild() - 1])) and
+        direction = "beginning"
+        or
+        anchoredTerm = root.getLastChild() and
+        anchoredTerm.getLastChild() instanceof RegExpDollar and
+        not containsTrailingPseudoAnchor(root.getChild([0 .. root.getNumChild() - 2])) and
+        containsLetters(root.getChild([0 .. root.getNumChild() - 2])) and
+        direction = "end"
+      ) and
+      // is not used for replace
+      not isUsedAsReplace(src) and
+      msg =
+        "Misleading operator precedence. The subexpression '" + anchoredTerm.getRawValue() +
+          "' is anchored at the " + direction +
+          ", but the other parts of this regular expression are not"
+    )
+  }
+
+  /**
+   * Holds if `src` contains a hostname pattern that is missing a `$` anchor.
+   */
+  predicate isSemiAnchoredHostnameRegExp(RegExpPatternSource src, string msg) {
+    not hasMisleadingAnchorPrecedence(src, _) and // avoid double reporting
+    exists(RegExpTerm term, RegExpSequence tld, int i | term = src.getRegExpTerm() |
+      not HostnameRegexp::isConstantInvalidInsideOrigin(term.getAChild*()) and
+      tld = term.getAChild*() and
+      HostnameRegexp::hasTopLevelDomainEnding(tld, i) and
+      isFinalRegExpTerm(tld.getChild(i)) and // nothing is matched after the TLD
+      tld.getChild(0) instanceof RegExpCaret and
+      msg =
+        "This hostname pattern may match any domain name, as it is missing a '" + getEndAnchorText()
+          + "' or '/' at the end."
+    )
+  }
+
+  /**
+   * Holds if `src` is an unanchored pattern for a URL, indicating a
+   * mistake explained by `msg`.
+   */
+  predicate isUnanchoredHostnameRegExp(RegExpPatternSource src, string msg) {
+    exists(RegExpTerm term, RegExpSequence tld | term = src.getRegExpTerm() |
+      HostnameRegexp::alwaysMatchesHostname(term) and
+      tld = term.getAChild*() and
+      HostnameRegexp::hasTopLevelDomainEnding(tld) and
+      not HostnameRegexp::isConstantInvalidInsideOrigin(term.getAChild*()) and
+      not term.getAChild*() instanceof RegExpAnchor and
+      // that is not used for string replacement
+      not isUsedAsReplace(src) and
+      msg =
+        "When this is used as a regular expression on a URL, it may match anywhere, and arbitrary hosts may come before or after it."
+    )
+  }
+
+  /**
+   * Holds if `src` contains a hostname pattern that uses the `^/$` line anchors
+   * rather than `\A/\z` which match the start/end of the whole string.
+   */
+  predicate isLineAnchoredHostnameRegExp(RegExpPatternSource src, string msg) {
+    // avoid double reporting
+    not (
+      isSemiAnchoredHostnameRegExp(src, _) or
+      hasMisleadingAnchorPrecedence(src, _)
+    ) and
+    exists(RegExpTerm term, RegExpSequence tld, int i | term = src.getRegExpTerm() |
+      not HostnameRegexp::isConstantInvalidInsideOrigin(term.getAChild*()) and
+      tld = term.getAChild*() and
+      HostnameRegexp::hasTopLevelDomainEnding(tld, i) and
+      isFinalRegExpTerm(tld.getChild(i)) and // nothing is matched after the TLD
+      (
+        tld.getChild(0).(RegExpCaret).getChar() = "^" or
+        tld.getLastChild().(RegExpDollar).getChar() = "$"
+      ) and
+      msg =
+        "This hostname pattern uses anchors such as '^' and '$', which match the start and end of a line, not the whole string. Use '\\A' and '\\z' instead."
+    )
+  }
+}
diff --git a/shared/regex/codeql/regex/RegexTreeView.qll b/shared/regex/codeql/regex/RegexTreeView.qll
index 89beff34359..03d8fcfcbcd 100644
--- a/shared/regex/codeql/regex/RegexTreeView.qll
+++ b/shared/regex/codeql/regex/RegexTreeView.qll
@@ -73,6 +73,9 @@ signature module RegexTreeViewSig {
     /** Gets the regular expression term that is matched (textually) after this one, if any. */
     RegExpTerm getSuccessor();
 
+    /** Gets the last child term of this element. */
+    RegExpTerm getLastChild();
+
     string toString();
 
     predicate hasLocationInfo(
@@ -149,6 +152,11 @@ signature module RegexTreeViewSig {
     int getUpperBound();
   }
 
+  /**
+   * A non-word boundary, that is, a regular expression term of the form `\B`.
+   */
+  class RegExpNonWordBoundary extends RegExpTerm;
+
   /**
    * An escaped regular expression term, that is, a regular expression
    * term starting with a backslash.
@@ -387,6 +395,20 @@ signature module RegexTreeViewSig {
    */
   class RegExpDot extends RegExpTerm;
 
+  /**
+   * A term that matches a specific position between characters in the string.
+   *
+   * Example:
+   *
+   * ```
+   * \A
+   * ```
+   */
+  class RegExpAnchor extends RegExpTerm {
+    /** Gets the char for this term. */
+    string getChar();
+  }
+
   /**
    * A dollar assertion `$` matching the end of a line.
    *
@@ -396,7 +418,7 @@ signature module RegexTreeViewSig {
    * $
    * ```
    */
-  class RegExpDollar extends RegExpTerm;
+  class RegExpDollar extends RegExpAnchor;
 
   /**
    * A caret assertion `^` matching the beginning of a line.
@@ -407,7 +429,7 @@ signature module RegexTreeViewSig {
    * ^
    * ```
    */
-  class RegExpCaret extends RegExpTerm;
+  class RegExpCaret extends RegExpAnchor;
 
   /**
    * A word boundary assertion.

From ba7321ac5c22130a4cacc8a4099759dac62f768d Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Sat, 17 Dec 2022 17:28:07 +0100
Subject: [PATCH 59/93] add qldoc to RegExpCharEscape

---
 java/ql/lib/semmle/code/java/regex/RegexTreeView.qll | 9 +++++++++
 python/ql/lib/semmle/python/RegexTreeView.qll        | 9 +++++++++
 ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll    | 9 +++++++++
 3 files changed, 27 insertions(+)

diff --git a/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll b/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
index c0711bb7fdc..cb770ffe48a 100644
--- a/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
+++ b/java/ql/lib/semmle/code/java/regex/RegexTreeView.qll
@@ -561,6 +561,15 @@ module Impl implements RegexTreeViewSig {
     }
   }
 
+  /**
+   * A character escape in a regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * \.
+   * ```
+   */
   class RegExpCharEscape = RegExpEscape;
 
   /**
diff --git a/python/ql/lib/semmle/python/RegexTreeView.qll b/python/ql/lib/semmle/python/RegexTreeView.qll
index cdc1ca3adc2..a05ee87e6a7 100644
--- a/python/ql/lib/semmle/python/RegexTreeView.qll
+++ b/python/ql/lib/semmle/python/RegexTreeView.qll
@@ -457,6 +457,15 @@ module Impl implements RegexTreeViewSig {
     override string getPrimaryQLClass() { result = "RegExpAlt" }
   }
 
+  /**
+   * A character escape in a regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * \.
+   * ```
+   */
   class RegExpCharEscape = RegExpEscape;
 
   /**
diff --git a/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll b/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll
index b11efbdd268..38d5de5d33a 100644
--- a/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll
+++ b/ruby/ql/lib/codeql/ruby/regexp/RegExpTreeView.qll
@@ -539,6 +539,15 @@ private module Impl implements RegexTreeViewSig {
     override predicate isNullable() { this.getAChild().isNullable() }
   }
 
+  /**
+   * A character escape in a regular expression.
+   *
+   * Example:
+   *
+   * ```
+   * \.
+   * ```
+   */
   class RegExpCharEscape = RegExpEscape;
 
   /**

From 35e8d6afd49053279a4ee278db83f35a62669956 Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Sat, 17 Dec 2022 22:55:49 +0100
Subject: [PATCH 60/93] move getACommonTld into a utility module without
 parameters

---
 .../IncompleteUrlSubstringSanitization.qll    |  5 +-
 ...mpleteUrlSubstringSanitizationSpecific.qll |  2 +-
 .../IncompleteUrlSubstringSanitization.qll    |  5 +-
 ...mpleteUrlSubstringSanitizationSpecific.qll |  2 -
 shared/regex/codeql/regex/HostnameRegexp.qll  | 67 +++++++++++--------
 5 files changed, 43 insertions(+), 38 deletions(-)

diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
index f4405130898..8718bff5963 100644
--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
@@ -3,6 +3,7 @@
  */
 
 private import IncompleteUrlSubstringSanitizationSpecific
+private import codeql.regex.HostnameRegexp::Utils
 
 /**
  * A check on a string for whether it contains a given substring, possibly with restrictions on the location of the substring.
@@ -30,9 +31,7 @@ query predicate problems(
   mayHaveStringValue(substring, target) and
   (
     // target contains a domain on a common TLD, and perhaps some other URL components
-    target
-        .regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + HostnameRegexp::getACommonTld() +
-            "(:[0-9]+)?/?")
+    target.regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + getACommonTld() + "(:[0-9]+)?/?")
     or
     // target is a HTTP URL to a domain on any TLD
     target.regexpMatch("(?i)https?://([a-z0-9-]+\\.)+([a-z]+)(:[0-9]+)?/?")
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitizationSpecific.qll b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitizationSpecific.qll
index 30c71450c43..39cae5fdc28 100644
--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitizationSpecific.qll
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitizationSpecific.qll
@@ -4,4 +4,4 @@ import semmle.javascript.dataflow.InferredTypes
 /** Holds if `node` may evaluate to `value` */
 predicate mayHaveStringValue(DataFlow::Node node, string value) { node.mayHaveStringValue(value) }
 
-import semmle.javascript.security.regexp.HostnameRegexp as HostnameRegexp
+import codeql.regex.HostnameRegexp::Utils
diff --git a/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll b/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
index f4405130898..8718bff5963 100644
--- a/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
+++ b/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
@@ -3,6 +3,7 @@
  */
 
 private import IncompleteUrlSubstringSanitizationSpecific
+private import codeql.regex.HostnameRegexp::Utils
 
 /**
  * A check on a string for whether it contains a given substring, possibly with restrictions on the location of the substring.
@@ -30,9 +31,7 @@ query predicate problems(
   mayHaveStringValue(substring, target) and
   (
     // target contains a domain on a common TLD, and perhaps some other URL components
-    target
-        .regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + HostnameRegexp::getACommonTld() +
-            "(:[0-9]+)?/?")
+    target.regexpMatch("(?i)([a-z]*:?//)?\\.?([a-z0-9-]+\\.)+" + getACommonTld() + "(:[0-9]+)?/?")
     or
     // target is a HTTP URL to a domain on any TLD
     target.regexpMatch("(?i)https?://([a-z0-9-]+\\.)+([a-z]+)(:[0-9]+)?/?")
diff --git a/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitizationSpecific.qll b/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitizationSpecific.qll
index b0bbca30b90..c985805e3eb 100644
--- a/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitizationSpecific.qll
+++ b/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitizationSpecific.qll
@@ -5,5 +5,3 @@ import codeql.ruby.StringOps
 predicate mayHaveStringValue(DataFlow::Node node, string value) {
   node.asExpr().getConstantValue().getString() = value
 }
-
-import codeql.ruby.security.regexp.HostnameRegexp as HostnameRegexp
diff --git a/shared/regex/codeql/regex/HostnameRegexp.qll b/shared/regex/codeql/regex/HostnameRegexp.qll
index b40a58ab849..4470f1c1ab7 100644
--- a/shared/regex/codeql/regex/HostnameRegexp.qll
+++ b/shared/regex/codeql/regex/HostnameRegexp.qll
@@ -11,7 +11,10 @@ private import RegexTreeView
  */
 signature module HostnameRegexpSig<RegexTreeViewSig TreeImpl> {
   /** A node in the data-flow graph. */
-  class DataFlowNode;
+  class DataFlowNode {
+    /** Gets a string representation of this node. */
+    string toString();
+  }
 
   /** A node in the data-flow graph that represents a regular expression pattern. */
   class RegExpPatternSource extends DataFlowNode {
@@ -28,12 +31,26 @@ signature module HostnameRegexpSig<RegexTreeViewSig TreeImpl> {
   }
 }
 
+/**
+ * Utility predicates and classes that doesn't depend on any signature.
+ */
+module Utils {
+  /**
+   * Gets a pattern that matches common top-level domain names in lower case.
+   */
+  string getACommonTld() {
+    // according to ranking by http://google.com/search?q=site:.<<TLD>>
+    result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
+  }
+}
+
 /**
  * Classes and predicates implementing an analysis on regular expressions
  * that match URLs and hostname patterns.
  */
 module Make<RegexTreeViewSig TreeImpl, HostnameRegexpSig<TreeImpl> Specific> {
   private import TreeImpl
+  import Utils
 
   /**
    * Holds if the given constant is unlikely to occur in the origin part of a URL.
@@ -213,30 +230,6 @@ module Make<RegexTreeViewSig TreeImpl, HostnameRegexpSig<TreeImpl> Specific> {
     )
   }
 
-  /**
-   * Holds if `regexp` is a regular expression that is likely to match a hostname,
-   * but the pattern is incomplete and may match more hosts than intended.
-   */
-  predicate incompleteHostnameRegExp(
-    RegExpSequence hostSequence, string message, Specific::DataFlowNode aux, string label
-  ) {
-    exists(Specific::RegExpPatternSource re, RegExpTerm regexp, string msg, string kind |
-      regexp = re.getRegExpTerm() and
-      isIncompleteHostNameRegExpPattern(regexp, hostSequence, msg) and
-      (
-        if re.getAParse() != re
-        then (
-          kind = "string, which is used as a regular expression $@," and
-          aux = re.getAParse()
-        ) else (
-          kind = "regular expression" and aux = re
-        )
-      )
-    |
-      message = "This " + kind + " " + msg and label = "here"
-    )
-  }
-
   /** Holds if `term` is one of the transitive left children of a regexp. */
   predicate isLeftArmTerm(RegExpTerm term) {
     term.isRootTerm()
@@ -262,10 +255,26 @@ module Make<RegexTreeViewSig TreeImpl, HostnameRegexpSig<TreeImpl> Specific> {
   }
 
   /**
-   * Gets a pattern that matches common top-level domain names in lower case.
+   * Holds if `regexp` is a regular expression that is likely to match a hostname,
+   * but the pattern is incomplete and may match more hosts than intended.
    */
-  string getACommonTld() {
-    // according to ranking by http://google.com/search?q=site:.<<TLD>>
-    result = "(?:com|org|edu|gov|uk|net|io)(?![a-z0-9])"
+  predicate incompleteHostnameRegExp(
+    RegExpSequence hostSequence, string message, Specific::DataFlowNode aux, string label
+  ) {
+    exists(Specific::RegExpPatternSource re, RegExpTerm regexp, string msg, string kind |
+      regexp = re.getRegExpTerm() and
+      isIncompleteHostNameRegExpPattern(regexp, hostSequence, msg) and
+      (
+        if re.getAParse() != re
+        then (
+          kind = "string, which is used as a regular expression $@," and
+          aux = re.getAParse()
+        ) else (
+          kind = "regular expression" and aux = re
+        )
+      )
+    |
+      message = "This " + kind + " " + msg and label = "here"
+    )
   }
 }

From b9f668b320f132b80799980443479975f9a2eeec Mon Sep 17 00:00:00 2001
From: Michael Nebel <michaelnebel@github.com>
Date: Mon, 19 Dec 2022 08:43:50 +0100
Subject: [PATCH 61/93] C#: Add dummy type sizes for the list pattern
 expressions kinds.

---
 csharp/ql/lib/semmlecode.csharp.dbscheme.stats | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/csharp/ql/lib/semmlecode.csharp.dbscheme.stats b/csharp/ql/lib/semmlecode.csharp.dbscheme.stats
index 2d1c330c7d2..c2017892642 100644
--- a/csharp/ql/lib/semmlecode.csharp.dbscheme.stats
+++ b/csharp/ql/lib/semmlecode.csharp.dbscheme.stats
@@ -948,6 +948,14 @@
             <k>@with_expr</k>
             <v>101</v>
         </e>
+        <e>
+            <k>@list_pattern_expr</k>
+            <v>0</v>
+        </e>
+        <e>
+            <k>@slice_pattern_expr</k>
+            <v>0</v>
+        </e>
         <e>
             <k>@xmldtd</k>
             <v>40</v>

From 6c8b1cf4be8feabc68f47e2b13f34e899cd476cc Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Mon, 19 Dec 2022 11:20:31 +0100
Subject: [PATCH 62/93] changes based on Python review

---
 python/ql/lib/semmle/python/RegexTreeView.qll | 2 +-
 shared/regex/codeql/regex/HostnameRegexp.qll  | 6 +-----
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/python/ql/lib/semmle/python/RegexTreeView.qll b/python/ql/lib/semmle/python/RegexTreeView.qll
index a05ee87e6a7..dea896ebbc7 100644
--- a/python/ql/lib/semmle/python/RegexTreeView.qll
+++ b/python/ql/lib/semmle/python/RegexTreeView.qll
@@ -858,7 +858,7 @@ module Impl implements RegexTreeViewSig {
    * ```
    */
   class RegExpAnchor extends RegExpSpecialChar {
-    RegExpAnchor() { this.getChar() = ["^", "$"] }
+    RegExpAnchor() { this.getChar() = ["\\A", "^", "$", "\\Z"] }
   }
 
   /**
diff --git a/shared/regex/codeql/regex/HostnameRegexp.qll b/shared/regex/codeql/regex/HostnameRegexp.qll
index 4470f1c1ab7..fc77b9b56e2 100644
--- a/shared/regex/codeql/regex/HostnameRegexp.qll
+++ b/shared/regex/codeql/regex/HostnameRegexp.qll
@@ -245,15 +245,11 @@ module Make<RegexTreeViewSig TreeImpl, HostnameRegexpSig<TreeImpl> Specific> {
     term.isRootTerm()
     or
     exists(RegExpTerm parent |
-      term = getLastChild(parent) and
+      term = parent.getLastChild() and
       isRightArmTerm(parent)
     )
   }
 
-  private RegExpTerm getLastChild(RegExpTerm parent) {
-    result = max(RegExpTerm child, int i | child = parent.getChild(i) | child order by i)
-  }
-
   /**
    * Holds if `regexp` is a regular expression that is likely to match a hostname,
    * but the pattern is incomplete and may match more hosts than intended.

From a880fecc8b3f83fd4e7274b9b62b6b9fe8bf7dd2 Mon Sep 17 00:00:00 2001
From: Tony Torralba <atorralba@users.noreply.github.com>
Date: Mon, 19 Dec 2022 11:56:36 +0100
Subject: [PATCH 63/93] Apply suggestions from code review

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
---
 .../CWE-295/AndroidMissingCertificatePinning.qhelp   | 12 ++++++------
 .../CWE/CWE-295/AndroidMissingCertificatePinning.ql  |  4 ++--
 .../CWE-295/AndroidMissingCertificatePinning3.java   |  2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp
index db97c98250e..007777372b5 100644
--- a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.qhelp
@@ -6,7 +6,7 @@
 <p>
 Certificate pinning is the practice of only trusting a specific set of SSL certificates, rather than those that the device trusts by default.
 In Android applications, it is reccomended to use certificate pinning when communicating over the network, 
-in order to minimize the risk of machine-in-the-middle attacks from a comprimised CA.
+in order to minimize the risk of machine-in-the-middle attacks from a compromised CA.
 </p>
 </overview>
 
@@ -16,10 +16,10 @@ The easiest way to implement certificate pinning is to declare your pins in a <c
 This will automatically provide certificate pinning for any network connection made by the app.
 </p>
 <p>
-Another way to implement certificate pinning is to use the `CertificatePinner` from the `okhttp` library. 
+Another way to implement certificate pinning is to use the `CertificatePinner` class from the `okhttp` library. 
 </p>
 <p>
-A final way to implement certificate pinning is to use a <code>TrustManager</code>, initialized from a <code>KeyStore</code> loaded with only the neccesary certificates.
+A final way to implement certificate pinning is to use a <code>TrustManager</code>, initialized from a <code>KeyStore</code> loaded with only the necessary certificates.
 </p>
 
 </recommendation>
@@ -36,13 +36,13 @@ The other (good) cases demonstrate the different ways to implement certificate p
 
 <references>
   <li>
-    OWASP Mobile Security: <a href="https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05g-testing-network-communication#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4">Testing Custom Certificate Stores and Certificate Pinning (MSTG-NETWORK-4)</a>
+    OWASP Mobile Security: <a href="https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05g-testing-network-communication#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4">Testing Custom Certificate Stores and Certificate Pinning (MSTG-NETWORK-4)</a>.
   </li>
   <li>
-    Android Developers: <a href="https://developer.android.com/training/articles/security-config">Network security configuration</a>
+    Android Developers: <a href="https://developer.android.com/training/articles/security-config">Network security configuration</a>.
   </li>
   <li>
-    OkHttp: <a href="https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/">CertificatePinner</a>
+    OkHttp: <a href="https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/">CertificatePinner</a>.
   </li>
 </references>
 </qhelp>
diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
index 829dec1de3b..6b798d50bf9 100644
--- a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
@@ -1,6 +1,6 @@
 /**
- * @name Android Missing Certificate Pinning
- * @description Network communication should use certificate pinning.
+ * @name Android missing certificate pinning
+ * @description Network connections that do not use certificate pinning may allow attackers to eavesdrop communications.
  * @kind problem
  * @problem.severity warning
  * @security-severity 7.5
diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning3.java b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning3.java
index 08327d7636e..dd172f2fe9f 100644
--- a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning3.java
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning3.java
@@ -10,7 +10,7 @@ client.newCall(new Request.Builder().url("https://example.com").build()).execute
 
 
 
-// GOOD: Certificate pinning implemented vis a TrustManager
+// GOOD: Certificate pinning implemented via a TrustManager
 KeyStore keyStore = KeyStore.getInstance("BKS");
 keyStore.load(resources.openRawResource(R.raw.cert), null);
 

From 072a1800936cc9076d29a3c3ebee35b0c94206cb Mon Sep 17 00:00:00 2001
From: Arthur Baars <aibaars@github.com>
Date: Wed, 14 Dec 2022 15:16:18 +0100
Subject: [PATCH 64/93] Util: add AlertSuppression.qll

---
 .../codeql/suppression/AlertSuppression.qll   | 109 ++++++++++++++++++
 1 file changed, 109 insertions(+)
 create mode 100644 shared/util/codeql/suppression/AlertSuppression.qll

diff --git a/shared/util/codeql/suppression/AlertSuppression.qll b/shared/util/codeql/suppression/AlertSuppression.qll
new file mode 100644
index 00000000000..e52ee54cca4
--- /dev/null
+++ b/shared/util/codeql/suppression/AlertSuppression.qll
@@ -0,0 +1,109 @@
+signature class SingleLineComment {
+  string toString();
+
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  );
+
+  string getText();
+}
+
+/**
+ * Constructs an alert suppression query.
+ */
+module Make<SingleLineComment Comment> {
+  /**
+   * An alert suppression comment.
+   */
+  abstract class SuppressionComment instanceof Comment {
+    /**
+     * Gets the text of this suppression comment.
+     */
+    string getText() { result = super.getText() }
+
+    /**
+     * Holds if this element is at the specified location.
+     * The location spans column `startcolumn` of line `startline` to
+     * column `endcolumn` of line `endline` in file `filepath`.
+     * For more information, see
+     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+     */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+
+    /** Gets the suppression annotation in this comment. */
+    abstract string getAnnotation();
+
+    /**
+     * Holds if this comment applies to the range from column `startcolumn` of line `startline`
+     * to column `endcolumn` of line `endline` in file `filepath`.
+     */
+    abstract predicate covers(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    );
+
+    /** Gets the scope of this suppression. */
+    SuppressionScope getScope() { this = result.getSuppressionComment() }
+
+    /** Gets a textual representation of this element. */
+    string toString() { result = super.toString() }
+  }
+
+  private class LgtmSuppressionComment extends SuppressionComment {
+    private string annotation;
+
+    LgtmSuppressionComment() {
+      exists(string text | text = this.(Comment).getText() |
+        // match `lgtm[...]` anywhere in the comment
+        annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
+        or
+        // match `lgtm` at the start of the comment and after semicolon
+        annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim()
+      )
+    }
+
+    override string getAnnotation() { result = annotation }
+
+    override predicate covers(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      this.hasLocationInfo(filepath, startline, _, endline, endcolumn) and
+      startcolumn = 1
+    }
+  }
+
+  /**
+   * The scope of an alert suppression comment.
+   */
+  private class SuppressionScope instanceof SuppressionComment {
+    /** Gets a suppression comment with this scope. */
+    SuppressionComment getSuppressionComment() { result = this }
+
+    /**
+     * Holds if this element is at the specified location.
+     * The location spans column `startcolumn` of line `startline` to
+     * column `endcolumn` of line `endline` in file `filepath`.
+     * For more information, see
+     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+     */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      this.(SuppressionComment).covers(filepath, startline, startcolumn, endline, endcolumn)
+    }
+
+    /** Gets a textual representation of this element. */
+    string toString() { result = "suppression range" }
+  }
+
+  query predicate suppressions(
+    SuppressionComment c, string text, string annotation, SuppressionScope scope
+  ) {
+    text = c.getText() and // text of suppression comment (excluding delimiters)
+    annotation = c.getAnnotation() and // text of suppression annotation
+    scope = c.getScope() // scope of suppression
+  }
+}

From bc646d407e8e3c54cb802bafec8660d7ba46b504 Mon Sep 17 00:00:00 2001
From: Arthur Baars <aibaars@github.com>
Date: Wed, 14 Dec 2022 15:42:25 +0100
Subject: [PATCH 65/93] Java: use shared AlertSuppression.qll

---
 java/ql/src/AlertSuppression.ql | 76 ++++-----------------------------
 java/ql/src/qlpack.yml          |  1 +
 2 files changed, 9 insertions(+), 68 deletions(-)

diff --git a/java/ql/src/AlertSuppression.ql b/java/ql/src/AlertSuppression.ql
index d37bd174692..99893d741b4 100644
--- a/java/ql/src/AlertSuppression.ql
+++ b/java/ql/src/AlertSuppression.ql
@@ -5,77 +5,17 @@
  * @id java/alert-suppression
  */
 
-import java
+private import codeql.suppression.AlertSuppression as AS
+private import semmle.code.java.Javadoc
 
-/**
- * An alert suppression comment.
- */
-class SuppressionComment extends Javadoc {
-  string annotation;
-
-  SuppressionComment() {
-    // suppression comments must be single-line
-    (
-      isEolComment(this)
-      or
-      isNormalComment(this) and exists(int line | this.hasLocationInfo(_, line, _, line, _))
-    ) and
-    exists(string text | text = this.getChild(0).getText() |
-      // match `lgtm[...]` anywhere in the comment
-      annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
-      or
-      // match `lgtm` at the start of the comment and after semicolon
-      annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim()
-    )
+class SingleLineComment extends Javadoc {
+  SingleLineComment() {
+    isEolComment(this)
+    or
+    isNormalComment(this) and exists(int line | this.hasLocationInfo(_, line, _, line, _))
   }
 
-  /**
-   * Gets the text of this suppression comment.
-   */
   string getText() { result = this.getChild(0).getText() }
-
-  /** Gets the suppression annotation in this comment. */
-  string getAnnotation() { result = annotation }
-
-  /**
-   * Holds if this comment applies to the range from column `startcolumn` of line `startline`
-   * to column `endcolumn` of line `endline` in file `filepath`.
-   */
-  predicate covers(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
-    this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and
-    startcolumn = 1
-  }
-
-  /** Gets the scope of this suppression. */
-  SuppressionScope getScope() { this = result.getSuppressionComment() }
 }
 
-/**
- * The scope of an alert suppression comment.
- */
-class SuppressionScope extends @javadoc instanceof SuppressionComment {
-  /** Gets a suppression comment with this scope. */
-  SuppressionComment getSuppressionComment() { result = this }
-
-  /**
-   * Holds if this element is at the specified location.
-   * The location spans column `startcolumn` of line `startline` to
-   * column `endcolumn` of line `endline` in file `filepath`.
-   * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
-   */
-  predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    super.covers(filepath, startline, startcolumn, endline, endcolumn)
-  }
-
-  /** Gets a textual representation of this element. */
-  string toString() { result = "suppression range" }
-}
-
-from SuppressionComment c
-select c, // suppression comment
-  c.getText(), // text of suppression comment (excluding delimiters)
-  c.getAnnotation(), // text of suppression annotation
-  c.getScope() // scope of suppression
+import AS::Make<SingleLineComment>
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index 00070f5ccf2..cd48c113dfb 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -9,3 +9,4 @@ defaultSuiteFile: codeql-suites/java-code-scanning.qls
 dependencies:
   codeql/java-all: ${workspace}
   codeql/suite-helpers: ${workspace}
+  codeql/util: ${workspace}

From 484a16ce1b2d2472a061c6d44bd4a7031954638c Mon Sep 17 00:00:00 2001
From: Tony Torralba <atorralba@users.noreply.github.com>
Date: Mon, 19 Dec 2022 12:10:32 +0100
Subject: [PATCH 66/93] Update
 java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql

---
 .../Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
index 6b798d50bf9..d27267fc02c 100644
--- a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
@@ -3,7 +3,7 @@
  * @description Network connections that do not use certificate pinning may allow attackers to eavesdrop communications.
  * @kind problem
  * @problem.severity warning
- * @security-severity 7.5
+ * @security-severity 5.9
  * @precision medium
  * @id java/android/missing-certificate-pinning
  * @tags security

From 2705aebbbcaf52c2a7efca1b644b954ea8d52e2c Mon Sep 17 00:00:00 2001
From: Jeroen Ketema <jketema@github.com>
Date: Thu, 15 Dec 2022 14:29:00 +0100
Subject: [PATCH 67/93] C++: Restrict CWE-119 semmle tests to have a single
 main function

---
 .../semmle/tests/OverflowDestination.expected     | 15 ++++++++++++---
 .../Security/CWE/CWE-119/semmle/tests/main.cpp    | 12 ++++++++++++
 .../CWE-119/semmle/tests/overflowdestination.cpp  |  2 +-
 .../CWE-119/semmle/tests/test_buffer_overrun.cpp  |  2 +-
 .../Security/CWE/CWE-119/semmle/tests/tests.cpp   |  2 +-
 .../CWE/CWE-119/semmle/tests/tests_restrict.c     |  2 +-
 6 files changed, 28 insertions(+), 7 deletions(-)
 create mode 100644 cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/main.cpp

diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
index 2a9b25cb541..651dd4d1ac8 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
@@ -1,5 +1,10 @@
 edges
-| overflowdestination.cpp:27:9:27:12 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... |
+| main.cpp:7:33:7:36 | argv | main.cpp:7:33:7:36 | argv |
+| main.cpp:7:33:7:36 | argv | main.cpp:7:33:7:36 | argv indirection |
+| main.cpp:7:33:7:36 | argv | overflowdestination.cpp:23:45:23:48 | argv |
+| main.cpp:7:33:7:36 | argv indirection | overflowdestination.cpp:23:45:23:48 | *argv |
+| overflowdestination.cpp:23:45:23:48 | *argv | overflowdestination.cpp:30:17:30:20 | (const char *)... |
+| overflowdestination.cpp:23:45:23:48 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... |
 | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | (const void *)... |
 | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | ReturnIndirection |
 | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:53:15:53:17 | (const void *)... |
@@ -17,7 +22,11 @@ edges
 | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src |
 | overflowdestination.cpp:76:30:76:32 | src indirection | overflowdestination.cpp:57:52:57:54 | *src |
 nodes
-| overflowdestination.cpp:27:9:27:12 | argv | semmle.label | argv |
+| main.cpp:7:33:7:36 | argv | semmle.label | argv |
+| main.cpp:7:33:7:36 | argv | semmle.label | argv |
+| main.cpp:7:33:7:36 | argv indirection | semmle.label | argv indirection |
+| overflowdestination.cpp:23:45:23:48 | *argv | semmle.label | *argv |
+| overflowdestination.cpp:23:45:23:48 | argv | semmle.label | argv |
 | overflowdestination.cpp:30:17:30:20 | (const char *)... | semmle.label | (const char *)... |
 | overflowdestination.cpp:43:8:43:10 | fgets output argument | semmle.label | fgets output argument |
 | overflowdestination.cpp:46:15:46:17 | (const void *)... | semmle.label | (const void *)... |
@@ -37,7 +46,7 @@ nodes
 subpaths
 | overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | ReturnIndirection | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
 #select
-| overflowdestination.cpp:30:2:30:8 | call to strncpy | overflowdestination.cpp:27:9:27:12 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
+| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:7:33:7:36 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
 | overflowdestination.cpp:46:2:46:7 | call to memcpy | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
 | overflowdestination.cpp:53:2:53:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:53:15:53:17 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
 | overflowdestination.cpp:64:2:64:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:64:16:64:19 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/main.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/main.cpp
new file mode 100644
index 00000000000..78f94af22cf
--- /dev/null
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/main.cpp
@@ -0,0 +1,12 @@
+int overflowdesination_main(int argc, char **argv);
+int test_buffer_overrun_main(int argc, char **argv);
+int tests_restrict_main(int argc, char **argv);
+int tests_main(int argc, char **argv);
+
+int main(int argc, char **argv) {
+  overflowdesination_main(argc, argv);
+  test_buffer_overrun_main(argc, argv);
+  tests_restrict_main(argc, argv);
+  tests_main(argc, argv);
+  return 0;
+}
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/overflowdestination.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/overflowdestination.cpp
index 2a939f83a73..8b785b5a662 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/overflowdestination.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/overflowdestination.cpp
@@ -20,7 +20,7 @@ inline size_t min(size_t a, size_t b) {
 	}
 }
 
-int main(int argc, char* argv[]) {
+int overflowdesination_main(int argc, char* argv[]) {
 	char param[20];
 	char *arg1;
 
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/test_buffer_overrun.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/test_buffer_overrun.cpp
index d05ed0c94a7..8554f8c62fb 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/test_buffer_overrun.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/test_buffer_overrun.cpp
@@ -29,7 +29,7 @@ void test_buffer_overrun_in_while_loop_using_array_indexing()
     }
 }
 
-int main(int argc, char *argv[])
+int test_buffer_overrun_main(int argc, char *argv[])
 {
     test_buffer_overrun_in_for_loop();
     test_buffer_overrun_in_while_loop_using_pointer_arithmetic();
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
index 668324e7963..42c06043927 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
@@ -603,7 +603,7 @@ void test22(bool b, const char* source) {
   memcpy(dest, source, n); // GOOD
 }
 
-int main(int argc, char *argv[])
+int tests_main(int argc, char *argv[])
 {
 	long long arr17[19];
 
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests_restrict.c b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests_restrict.c
index 9b6990db535..96a5571bf65 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests_restrict.c
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests_restrict.c
@@ -12,7 +12,7 @@ void test1()
 	memcpy(largebuf, smallbuf, 2); // BAD: source over-read
 }
 
-int main(int argc, char *argv[])
+int tests_restrict_main(int argc, char *argv[])
 {
 	test1();
 

From a73bd050f759360ea8877b83832661f58494b556 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema <jketema@github.com>
Date: Wed, 14 Dec 2022 13:49:06 +0100
Subject: [PATCH 68/93] C++: Define the `argv` flow source in terms the input
 parameter

---
 cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll b/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll
index 8bc059da506..a183533534d 100644
--- a/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll
@@ -92,7 +92,7 @@ private class ArgvSource extends LocalFlowSource {
     exists(Function main, Parameter argv |
       main.hasGlobalName("main") and
       main.getParameter(1) = argv and
-      this.asExpr() = argv.getAnAccess()
+      this.asParameter() = argv
     )
   }
 

From 23f595bea171de1000aeb1009af11ce69746ce15 Mon Sep 17 00:00:00 2001
From: Arthur Baars <aibaars@github.com>
Date: Wed, 14 Dec 2022 15:40:08 +0100
Subject: [PATCH 69/93] JavaScript: use shared AlertSuppression.qll

---
 javascript/ql/src/AlertSuppression.ql | 70 +++++----------------------
 javascript/ql/src/qlpack.yml          |  1 +
 2 files changed, 12 insertions(+), 59 deletions(-)

diff --git a/javascript/ql/src/AlertSuppression.ql b/javascript/ql/src/AlertSuppression.ql
index 2a7ae3bdc50..5d1aa6a5e29 100644
--- a/javascript/ql/src/AlertSuppression.ql
+++ b/javascript/ql/src/AlertSuppression.ql
@@ -5,76 +5,28 @@
  * @id js/alert-suppression
  */
 
-import javascript
+private import codeql.suppression.AlertSuppression as AS
+private import semmle.javascript.Locations as L
 
-/**
- * An alert suppression comment.
- */
-class SuppressionComment extends Locatable {
-  string text;
-  string annotation;
+class SingleLineComment extends L::Locatable {
+  private string text;
 
-  SuppressionComment() {
+  SingleLineComment() {
     (
-      text = this.(Comment).getText() or
-      text = this.(HTML::CommentNode).getText()
+      text = this.(L::Comment).getText() or
+      text = this.(L::HTML::CommentNode).getText()
     ) and
     // suppression comments must be single-line
-    not text.matches("%\n%") and
-    (
-      // match `lgtm[...]` anywhere in the comment
-      annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
-      or
-      // match `lgtm` at the start of the comment and after semicolon
-      annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim()
-    )
+    not text.matches("%\n%")
   }
 
-  /** Gets the text of this suppression comment, not including delimiters. */
-  string getText() { result = text }
-
-  /** Gets the suppression annotation in this comment. */
-  string getAnnotation() { result = annotation }
-
-  /**
-   * Holds if this comment applies to the range from column `startcolumn` of line `startline`
-   * to column `endcolumn` of line `endline` in file `filepath`.
-   */
-  predicate covers(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
-    this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and
-    startcolumn = 1
-  }
-
-  /** Gets the scope of this suppression. */
-  SuppressionScope getScope() { this = result.getSuppressionComment() }
-}
-
-/**
- * The scope of an alert suppression comment.
- */
-class SuppressionScope extends @locatable instanceof SuppressionComment {
-  /** Gets a suppression comment with this scope. */
-  SuppressionComment getSuppressionComment() { result = this }
-
-  /**
-   * Holds if this element is at the specified location.
-   * The location spans column `startcolumn` of line `startline` to
-   * column `endcolumn` of line `endline` in file `filepath`.
-   * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
-   */
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    super.covers(filepath, startline, startcolumn, endline, endcolumn)
+    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
 
-  /** Gets a textual representation of this element. */
-  string toString() { result = "suppression range" }
+  string getText() { result = text }
 }
 
-from SuppressionComment c
-select c, // suppression comment
-  c.getText(), // text of suppression comment (excluding delimiters)
-  c.getAnnotation(), // text of suppression annotation
-  c.getScope() // scope of suppression
+import AS::Make<SingleLineComment>
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index b297ae8268d..3205821e406 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -10,3 +10,4 @@ dependencies:
   codeql/javascript-all: ${workspace}
   codeql/suite-helpers: ${workspace}
   codeql/typos: ${workspace}
+  codeql/util: ${workspace}

From b0e8085765670ced4245453b8253dd52711ee02a Mon Sep 17 00:00:00 2001
From: Arthur Baars <aibaars@github.com>
Date: Wed, 14 Dec 2022 15:51:32 +0100
Subject: [PATCH 70/93] Go: use shared AlertSuppression.qll

---
 go/ql/src/AlertSuppression.ql | 71 +++--------------------------------
 go/ql/src/qlpack.yml          |  1 +
 2 files changed, 7 insertions(+), 65 deletions(-)

diff --git a/go/ql/src/AlertSuppression.ql b/go/ql/src/AlertSuppression.ql
index d264052bd23..632499136a8 100644
--- a/go/ql/src/AlertSuppression.ql
+++ b/go/ql/src/AlertSuppression.ql
@@ -5,73 +5,14 @@
  * @id go/alert-suppression
  */
 
-import go
+private import codeql.suppression.AlertSuppression as AS
+private import semmle.go.Comments as G
 
-/**
- * An alert suppression comment.
- */
-class SuppressionComment extends Locatable {
-  string text;
-  string annotation;
-
-  SuppressionComment() {
-    text = this.(Comment).getText() and
+class SingleLineComment extends G::Comment {
+  SingleLineComment() {
     // suppression comments must be single-line
-    not text.matches("%\n%") and
-    (
-      // match `lgtm[...]` anywhere in the comment
-      annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
-      or
-      // match `lgtm` at the start of the comment and after semicolon
-      annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim()
-    )
+    not this.getText().matches("%\n%")
   }
-
-  /** Gets the text of this suppression comment, not including delimiters. */
-  string getText() { result = text }
-
-  /** Gets the suppression annotation in this comment. */
-  string getAnnotation() { result = annotation }
-
-  /**
-   * Holds if this comment applies to the range from column `startcolumn` of line `startline`
-   * to column `endcolumn` of line `endline` in file `filepath`.
-   */
-  predicate covers(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
-    this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and
-    startcolumn = 1
-  }
-
-  /** Gets the scope of this suppression. */
-  SuppressionScope getScope() { this = result.getSuppressionComment() }
 }
 
-/**
- * The scope of an alert suppression comment.
- */
-class SuppressionScope extends @locatable instanceof SuppressionComment {
-  /** Gets a suppression comment with this scope. */
-  SuppressionComment getSuppressionComment() { result = this }
-
-  /**
-   * Holds if this element is at the specified location.
-   * The location spans column `startcolumn` of line `startline` to
-   * column `endcolumn` of line `endline` in file `filepath`.
-   * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
-   */
-  predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    super.covers(filepath, startline, startcolumn, endline, endcolumn)
-  }
-
-  /** Gets a textual representation of this element. */
-  string toString() { result = "suppression range" }
-}
-
-from SuppressionComment c
-select c, // suppression comment
-  c.getText(), // text of suppression comment (excluding delimiters)
-  c.getAnnotation(), // text of suppression annotation
-  c.getScope() // scope of suppression
+import AS::Make<SingleLineComment>
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index 7d586cfb931..ecac6cbe91b 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -9,3 +9,4 @@ defaultSuiteFile: codeql-suites/go-code-scanning.qls
 dependencies:
   codeql/go-all: ${workspace}
   codeql/suite-helpers: ${workspace}
+  codeql/util: ${workspace}

From ad80822a52500b47cce8e2300dcbcede2c2d1117 Mon Sep 17 00:00:00 2001
From: Arthur Baars <aibaars@github.com>
Date: Wed, 14 Dec 2022 16:04:55 +0100
Subject: [PATCH 71/93] C/C++: use shared AlertSuppression.qll

---
 cpp/ql/src/AlertSuppression.ql                |  89 ++++----------
 cpp/ql/src/qlpack.yml                         |   1 +
 .../AlertSuppression.expected                 | 116 +++++++++---------
 3 files changed, 82 insertions(+), 124 deletions(-)

diff --git a/cpp/ql/src/AlertSuppression.ql b/cpp/ql/src/AlertSuppression.ql
index 14766a1e51a..62086b6982a 100644
--- a/cpp/ql/src/AlertSuppression.ql
+++ b/cpp/ql/src/AlertSuppression.ql
@@ -5,78 +5,35 @@
  * @id cpp/alert-suppression
  */
 
-import cpp
+private import codeql.suppression.AlertSuppression as AS
+private import semmle.code.cpp.Element
 
-/**
- * An alert suppression comment.
- */
-class SuppressionComment extends Comment {
-  string annotation;
-  string text;
+class SingleLineComment extends Comment {
+  private string text;
 
-  SuppressionComment() {
-    (
-      this instanceof CppStyleComment and
-      // strip the beginning slashes
-      text = this.getContents().suffix(2)
-      or
-      this instanceof CStyleComment and
-      // strip both the beginning /* and the end */ the comment
-      exists(string text0 |
-        text0 = this.getContents().suffix(2) and
-        text = text0.prefix(text0.length() - 2)
-      ) and
-      // The /* */ comment must be a single-line comment
-      not text.matches("%\n%")
+  SingleLineComment() {
+    this instanceof CppStyleComment and
+    // strip the beginning slashes
+    text = this.getContents().suffix(2)
+    or
+    this instanceof CStyleComment and
+    // strip both the beginning /* and the end */ the comment
+    exists(string text0 |
+      text0 = this.getContents().suffix(2) and
+      text = text0.prefix(text0.length() - 2)
     ) and
-    (
-      // match `lgtm[...]` anywhere in the comment
-      annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
-      or
-      // match `lgtm` at the start of the comment and after semicolon
-      annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim()
-    )
+    // The /* */ comment must be a single-line comment
+    not text.matches("%\n%")
+  }
+
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
 
   /** Gets the text in this comment, excluding the leading //. */
   string getText() { result = text }
-
-  /** Gets the suppression annotation in this comment. */
-  string getAnnotation() { result = annotation }
-
-  /**
-   * Holds if this comment applies to the range from column `startcolumn` of line `startline`
-   * to column `endcolumn` of line `endline` in file `filepath`.
-   */
-  predicate covers(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
-    this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and
-    startcolumn = 1
-  }
-
-  /** Gets the scope of this suppression. */
-  SuppressionScope getScope() { result = this }
 }
 
-/**
- * The scope of an alert suppression comment.
- */
-class SuppressionScope extends ElementBase instanceof SuppressionComment {
-  /**
-   * Holds if this element is at the specified location.
-   * The location spans column `startcolumn` of line `startline` to
-   * column `endcolumn` of line `endline` in file `filepath`.
-   * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
-   */
-  predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    super.covers(filepath, startline, startcolumn, endline, endcolumn)
-  }
-}
-
-from SuppressionComment c
-select c, // suppression comment
-  c.getText(), // text of suppression comment (excluding delimiters)
-  c.getAnnotation(), // text of suppression annotation
-  c.getScope() // scope of suppression
+import AS::Make<SingleLineComment>
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index 75d3e65c592..1e7b2f80a59 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -6,6 +6,7 @@ groups:
 dependencies:
     codeql/cpp-all: ${workspace}
     codeql/suite-helpers: ${workspace}
+    codeql/util: ${workspace}
 suites: codeql-suites
 extractor: cpp
 defaultSuiteFile: codeql-suites/cpp-code-scanning.qls
diff --git a/cpp/ql/test/query-tests/AlertSuppression/AlertSuppression.expected b/cpp/ql/test/query-tests/AlertSuppression/AlertSuppression.expected
index 3236b7f6183..a03e25ebb87 100644
--- a/cpp/ql/test/query-tests/AlertSuppression/AlertSuppression.expected
+++ b/cpp/ql/test/query-tests/AlertSuppression/AlertSuppression.expected
@@ -1,58 +1,58 @@
-| tst.c:1:12:1:18 | // lgtm |  lgtm | lgtm | tst.c:1:1:1:18 | // lgtm |
-| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] |  lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:2:1:2:30 | // lgtm[js/debugger-statement] |
-| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] |  lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] |
-| tst.c:4:1:4:22 | // lgtm[@tag:nullness] |  lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:4:1:4:22 | // lgtm[@tag:nullness] |
-| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] |  lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] |
-| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] |
-| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm |  lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm |
-| tst.c:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | tst.c:8:1:8:18 | // lgtm: blah blah |
-| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | tst.c:9:1:9:32 | // lgtm blah blah #falsepositive |
-| tst.c:10:1:10:39 | //lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | tst.c:10:1:10:39 | //lgtm  [js/invocation-of-non-function] |
-| tst.c:11:1:11:10 | /* lgtm */ |  lgtm  | lgtm | tst.c:11:1:11:10 | /* lgtm */ |
-| tst.c:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | tst.c:12:1:12:9 | // lgtm[] |
-| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:14:1:14:6 | //lgtm |
-| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:15:1:15:7 | //\tlgtm |
-| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] |  lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] |
-| tst.c:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | tst.c:19:1:19:12 | // foo; lgtm |
-| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] |  foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] |
-| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] |  foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] |
-| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar |  foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar |
-| tst.c:25:1:25:8 | // LGTM! |  LGTM! | LGTM | tst.c:25:1:25:8 | // LGTM! |
-| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] |  LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:26:1:26:30 | // LGTM[js/debugger-statement] |
-| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |
-| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |
-| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |
-| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |
-| tst.c:29:1:29:12 | /* lgtm[] */ |  lgtm[]  | lgtm[] | tst.c:29:1:29:12 | /* lgtm[] */ |
-| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ |  lgtm[js/invocation-of-non-function]  | lgtm[js/invocation-of-non-function] | tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ |
-| tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ |  lgtm[@tag:nullness,js/invocation-of-non-function]  | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ |
-| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ |
-| tstWindows.c:1:12:1:18 | // lgtm |  lgtm | lgtm | tstWindows.c:1:1:1:18 | // lgtm |
-| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] |  lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] |
-| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] |  lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] |
-| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] |  lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] |
-| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] |  lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] |
-| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] |
-| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm |  lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm |
-| tstWindows.c:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | tstWindows.c:8:1:8:18 | // lgtm: blah blah |
-| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive |
-| tstWindows.c:10:1:10:39 | //lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | tstWindows.c:10:1:10:39 | //lgtm  [js/invocation-of-non-function] |
-| tstWindows.c:11:1:11:10 | /* lgtm */ |  lgtm  | lgtm | tstWindows.c:11:1:11:10 | /* lgtm */ |
-| tstWindows.c:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | tstWindows.c:12:1:12:9 | // lgtm[] |
-| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:14:1:14:6 | //lgtm |
-| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:15:1:15:7 | //\tlgtm |
-| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] |  lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] |
-| tstWindows.c:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | tstWindows.c:19:1:19:12 | // foo; lgtm |
-| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] |  foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] |
-| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] |  foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] |
-| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar |  foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar |
-| tstWindows.c:25:1:25:8 | // LGTM! |  LGTM! | LGTM | tstWindows.c:25:1:25:8 | // LGTM! |
-| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] |  LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] |
-| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |
-| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |
-| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |
-| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |
-| tstWindows.c:29:1:29:12 | /* lgtm[] */ |  lgtm[]  | lgtm[] | tstWindows.c:29:1:29:12 | /* lgtm[] */ |
-| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ |  lgtm[js/invocation-of-non-function]  | lgtm[js/invocation-of-non-function] | tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ |
-| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ |  lgtm[@tag:nullness,js/invocation-of-non-function]  | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ |
-| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ |
+| tst.c:1:12:1:18 | // lgtm |  lgtm | lgtm | tst.c:1:1:1:18 | suppression range |
+| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] |  lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:2:1:2:30 | suppression range |
+| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] |  lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:3:1:3:61 | suppression range |
+| tst.c:4:1:4:22 | // lgtm[@tag:nullness] |  lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:4:1:4:22 | suppression range |
+| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] |  lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:5:1:5:44 | suppression range |
+| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:6:1:6:28 | suppression range |
+| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm |  lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:7:1:7:70 | suppression range |
+| tst.c:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | tst.c:8:1:8:18 | suppression range |
+| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | tst.c:9:1:9:32 | suppression range |
+| tst.c:10:1:10:39 | //lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | tst.c:10:1:10:39 | suppression range |
+| tst.c:11:1:11:10 | /* lgtm */ |  lgtm  | lgtm | tst.c:11:1:11:10 | suppression range |
+| tst.c:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | tst.c:12:1:12:9 | suppression range |
+| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:14:1:14:6 | suppression range |
+| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:15:1:15:7 | suppression range |
+| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] |  lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:16:1:16:31 | suppression range |
+| tst.c:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | tst.c:19:1:19:12 | suppression range |
+| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] |  foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:20:1:20:35 | suppression range |
+| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] |  foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:22:1:22:34 | suppression range |
+| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar |  foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:24:1:24:38 | suppression range |
+| tst.c:25:1:25:8 | // LGTM! |  LGTM! | LGTM | tst.c:25:1:25:8 | suppression range |
+| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] |  LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:26:1:26:30 | suppression range |
+| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:27:1:27:70 | suppression range |
+| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:27:1:27:70 | suppression range |
+| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:28:1:28:36 | suppression range |
+| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:28:1:28:36 | suppression range |
+| tst.c:29:1:29:12 | /* lgtm[] */ |  lgtm[]  | lgtm[] | tst.c:29:1:29:12 | suppression range |
+| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ |  lgtm[js/invocation-of-non-function]  | lgtm[js/invocation-of-non-function] | tst.c:30:1:30:41 | suppression range |
+| tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ |  lgtm[@tag:nullness,js/invocation-of-non-function]  | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:36:1:36:55 | suppression range |
+| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tst.c:37:1:37:25 | suppression range |
+| tstWindows.c:1:12:1:18 | // lgtm |  lgtm | lgtm | tstWindows.c:1:1:1:18 | suppression range |
+| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] |  lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:2:1:2:30 | suppression range |
+| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] |  lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:3:1:3:61 | suppression range |
+| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] |  lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:4:1:4:22 | suppression range |
+| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] |  lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:5:1:5:44 | suppression range |
+| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:6:1:6:28 | suppression range |
+| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm |  lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:7:1:7:70 | suppression range |
+| tstWindows.c:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | tstWindows.c:8:1:8:18 | suppression range |
+| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | tstWindows.c:9:1:9:32 | suppression range |
+| tstWindows.c:10:1:10:39 | //lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | tstWindows.c:10:1:10:39 | suppression range |
+| tstWindows.c:11:1:11:10 | /* lgtm */ |  lgtm  | lgtm | tstWindows.c:11:1:11:10 | suppression range |
+| tstWindows.c:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | tstWindows.c:12:1:12:9 | suppression range |
+| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:14:1:14:6 | suppression range |
+| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:15:1:15:7 | suppression range |
+| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] |  lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:16:1:16:31 | suppression range |
+| tstWindows.c:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | tstWindows.c:19:1:19:12 | suppression range |
+| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] |  foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:20:1:20:35 | suppression range |
+| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] |  foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:22:1:22:34 | suppression range |
+| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar |  foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:24:1:24:38 | suppression range |
+| tstWindows.c:25:1:25:8 | // LGTM! |  LGTM! | LGTM | tstWindows.c:25:1:25:8 | suppression range |
+| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] |  LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:26:1:26:30 | suppression range |
+| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:27:1:27:70 | suppression range |
+| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:27:1:27:70 | suppression range |
+| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:28:1:28:36 | suppression range |
+| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:28:1:28:36 | suppression range |
+| tstWindows.c:29:1:29:12 | /* lgtm[] */ |  lgtm[]  | lgtm[] | tstWindows.c:29:1:29:12 | suppression range |
+| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ |  lgtm[js/invocation-of-non-function]  | lgtm[js/invocation-of-non-function] | tstWindows.c:30:1:30:41 | suppression range |
+| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ |  lgtm[@tag:nullness,js/invocation-of-non-function]  | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:36:1:36:55 | suppression range |
+| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tstWindows.c:37:1:37:25 | suppression range |

From 453045e276f4a83fe8c483d0a923e62a630c343e Mon Sep 17 00:00:00 2001
From: Arthur Baars <aibaars@github.com>
Date: Wed, 14 Dec 2022 16:21:57 +0100
Subject: [PATCH 72/93] C#: use shared AlertSuppression.qll

---
 csharp/ql/src/AlertSuppression.ql | 62 ++++---------------------------
 csharp/ql/src/qlpack.yml          |  1 +
 2 files changed, 8 insertions(+), 55 deletions(-)

diff --git a/csharp/ql/src/AlertSuppression.ql b/csharp/ql/src/AlertSuppression.ql
index cfa8dbae832..0eeca2648ea 100644
--- a/csharp/ql/src/AlertSuppression.ql
+++ b/csharp/ql/src/AlertSuppression.ql
@@ -5,68 +5,20 @@
  * @id cs/alert-suppression
  */
 
-import csharp
+private import codeql.suppression.AlertSuppression as AS
+private import semmle.code.csharp.Comments
 
-/**
- * An alert suppression comment.
- */
-class SuppressionComment extends CommentLine {
-  string annotation;
-
-  SuppressionComment() {
+class SingleLineComment extends CommentLine {
+  SingleLineComment() {
     // Must be either `// ...` or `/* ... */` on a single line.
-    this.getRawText().regexpMatch("//.*|/\\*.*\\*/") and
-    exists(string text | text = this.getText() |
-      // match `lgtm[...]` anywhere in the comment
-      annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
-      or
-      // match `lgtm` at the start of the comment and after semicolon
-      annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim()
-    )
+    this.getRawText().regexpMatch("//.*|/\\*.*\\*/")
   }
 
-  /** Gets the suppression annotation in this comment. */
-  string getAnnotation() { result = annotation }
-
-  /**
-   * Holds if this comment applies to the range from column `startcolumn` of line `startline`
-   * to column `endcolumn` of line `endline` in file `filepath`.
-   */
-  predicate covers(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
-    this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and
-    startcolumn = 1
-  }
-
-  /** Gets the scope of this suppression. */
-  SuppressionScope getScope() { this = result.getSuppressionComment() }
-}
-
-/**
- * The scope of an alert suppression comment.
- */
-class SuppressionScope extends @commentline instanceof SuppressionComment {
-  /** Gets a suppression comment with this scope. */
-  SuppressionComment getSuppressionComment() { result = this }
-
-  /**
-   * Holds if this element is at the specified location.
-   * The location spans column `startcolumn` of line `startline` to
-   * column `endcolumn` of line `endline` in file `filepath`.
-   * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
-   */
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    super.covers(filepath, startline, startcolumn, endline, endcolumn)
+    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
-
-  /** Gets a textual representation of this element. */
-  string toString() { result = "suppression range" }
 }
 
-from SuppressionComment c
-select c, // suppression comment
-  c.getText(), // text of suppression comment (excluding delimiters)
-  c.getAnnotation(), // text of suppression annotation
-  c.getScope() // scope of suppression
+import AS::Make<SingleLineComment>
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index f7da9740b21..2409e29a118 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -9,3 +9,4 @@ defaultSuiteFile: codeql-suites/csharp-code-scanning.qls
 dependencies:
   codeql/csharp-all: ${workspace}
   codeql/suite-helpers: ${workspace}
+  codeql/util: ${workspace}

From 621a1088464783687bf286dbe3059c78624ceb6e Mon Sep 17 00:00:00 2001
From: Arthur Baars <aibaars@github.com>
Date: Wed, 14 Dec 2022 19:30:54 +0100
Subject: [PATCH 73/93] Ruby: use shared AlertSuppression.qll

---
 ruby/ql/src/AlertSuppression.ql | 71 +++++----------------------------
 ruby/ql/src/qlpack.yml          |  1 +
 2 files changed, 10 insertions(+), 62 deletions(-)

diff --git a/ruby/ql/src/AlertSuppression.ql b/ruby/ql/src/AlertSuppression.ql
index a6a75d6d9db..ea5c7d74209 100644
--- a/ruby/ql/src/AlertSuppression.ql
+++ b/ruby/ql/src/AlertSuppression.ql
@@ -5,76 +5,23 @@
  * @id rb/alert-suppression
  */
 
-import codeql.ruby.AST
-import codeql.ruby.ast.internal.TreeSitter
+private import codeql.suppression.AlertSuppression as AS
+private import codeql.ruby.ast.internal.TreeSitter
 
-/**
- * An alert suppression comment.
- */
-class SuppressionComment extends Ruby::Comment {
-  string annotation;
-
-  SuppressionComment() {
+class SingleLineComment extends Ruby::Comment {
+  SingleLineComment() {
     // suppression comments must be single-line
-    this.getLocation().getStartLine() = this.getLocation().getEndLine() and
-    exists(string text | text = commentText(this) |
-      // match `lgtm[...]` anywhere in the comment
-      annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
-      or
-      // match `lgtm` at the start of the comment and after semicolon
-      annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim()
-    )
+    this.getLocation().getStartLine() = this.getLocation().getEndLine()
   }
 
-  /**
-   * Gets the text of this suppression comment.
-   */
-  string getText() { result = commentText(this) }
-
-  /** Gets the suppression annotation in this comment. */
-  string getAnnotation() { result = annotation }
-
-  /**
-   * Holds if this comment applies to the range from column `startcolumn` of line `startline`
-   * to column `endcolumn` of line `endline` in file `filepath`.
-   */
-  predicate covers(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
-    this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and
-    startcolumn = 1
-  }
-
-  /** Gets the scope of this suppression. */
-  SuppressionScope getScope() { this = result.getSuppressionComment() }
-}
-
-private string commentText(Ruby::Comment comment) { result = comment.getValue().suffix(1) }
-
-/**
- * The scope of an alert suppression comment.
- */
-class SuppressionScope extends @ruby_token_comment instanceof SuppressionComment {
-  /** Gets a suppression comment with this scope. */
-  SuppressionComment getSuppressionComment() { result = this }
-
-  /**
-   * Holds if this element is at the specified location.
-   * The location spans column `startcolumn` of line `startline` to
-   * column `endcolumn` of line `endline` in file `filepath`.
-   * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
-   */
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    super.covers(filepath, startline, startcolumn, endline, endcolumn)
+    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
 
-  /** Gets a textual representation of this element. */
-  string toString() { result = "suppression range" }
+  /** Gets the suppression annotation in this comment. */
+  string getText() { result = this.getValue().suffix(1) }
 }
 
-from SuppressionComment c
-select c, // suppression comment
-  c.getText(), // text of suppression comment (excluding delimiters)
-  c.getAnnotation(), // text of suppression annotation
-  c.getScope() // scope of suppression
+import AS::Make<SingleLineComment>
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index ce73dffcf88..9921ee51799 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -8,3 +8,4 @@ defaultSuiteFile: codeql-suites/ruby-code-scanning.qls
 dependencies:
   codeql/ruby-all: ${workspace}
   codeql/suite-helpers: ${workspace}
+  codeql/util: ${workspace}

From acb5d6e163bfa39ed314e04f47083b7cca2863b4 Mon Sep 17 00:00:00 2001
From: Arthur Baars <aibaars@github.com>
Date: Thu, 15 Dec 2022 12:47:54 +0100
Subject: [PATCH 74/93] Python: use shared AlertSuppression.qll

---
 python/ql/src/analysis/AlertSuppression.ql    | 106 ++++--------------
 python/ql/src/qlpack.yml                      |   1 +
 .../suppression/AlertSuppression.expected     |   6 +
 3 files changed, 28 insertions(+), 85 deletions(-)

diff --git a/python/ql/src/analysis/AlertSuppression.ql b/python/ql/src/analysis/AlertSuppression.ql
index 6a14c9b6233..52760601063 100644
--- a/python/ql/src/analysis/AlertSuppression.ql
+++ b/python/ql/src/analysis/AlertSuppression.ql
@@ -5,101 +5,37 @@
  * @id py/alert-suppression
  */
 
-import python
+private import codeql.suppression.AlertSuppression as AS
+private import semmle.python.Comment as P
 
-/**
- * An alert suppression comment.
- */
-abstract class SuppressionComment extends Comment {
-  /** Gets the scope of this suppression. */
-  abstract SuppressionScope getScope();
-
-  /** Gets the suppression annotation in this comment. */
-  abstract string getAnnotation();
-
-  /**
-   * Holds if this comment applies to the range from column `startcolumn` of line `startline`
-   * to column `endcolumn` of line `endline` in file `filepath`.
-   */
-  abstract predicate covers(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  );
-}
-
-/**
- * An alert comment that applies to a single line
- */
-abstract class LineSuppressionComment extends SuppressionComment {
-  LineSuppressionComment() {
-    exists(string filepath, int l |
-      this.getLocation().hasLocationInfo(filepath, l, _, _, _) and
-      any(AstNode a).getLocation().hasLocationInfo(filepath, l, _, _, _)
-    )
-  }
-
-  /** Gets the scope of this suppression. */
-  override SuppressionScope getScope() { result = this }
-
-  override predicate covers(
+class SingleLineComment instanceof P::Comment {
+  predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and
-    startcolumn = 1
-  }
-}
-
-/**
- * An lgtm suppression comment.
- */
-class LgtmSuppressionComment extends LineSuppressionComment {
-  string annotation;
-
-  LgtmSuppressionComment() {
-    exists(string all | all = this.getContents() |
-      // match `lgtm[...]` anywhere in the comment
-      annotation = all.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
-      or
-      // match `lgtm` at the start of the comment and after semicolon
-      annotation = all.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim()
-    )
+    super.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
 
-  /** Gets the suppression annotation in this comment. */
-  override string getAnnotation() { result = annotation }
+  string getText() { result = super.getContents() }
+
+  string toString() { result = super.toString() }
 }
 
+import AS::Make<SingleLineComment>
+
 /**
  * A noqa suppression comment. Both pylint and pyflakes respect this, so lgtm ought to too.
  */
-class NoqaSuppressionComment extends LineSuppressionComment {
-  NoqaSuppressionComment() { this.getContents().toLowerCase().regexpMatch("\\s*noqa\\s*([^:].*)?") }
-
-  override string getAnnotation() { result = "lgtm" }
-}
-
-/**
- * The scope of an alert suppression comment.
- */
-class SuppressionScope extends @py_comment instanceof SuppressionComment {
-  /**
-   * Holds if this element is at the specified location.
-   * The location spans column `startcolumn` of line `startline` to
-   * column `endcolumn` of line `endline` in file `filepath`.
-   * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
-   */
-  predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    super.covers(filepath, startline, startcolumn, endline, endcolumn)
+class NoqaSuppressionComment extends SuppressionComment instanceof SingleLineComment {
+  NoqaSuppressionComment() {
+    SingleLineComment.super.getText().regexpMatch("(?i)\\s*noqa\\s*([^:].*)?")
   }
 
-  /** Gets a textual representation of this element. */
-  string toString() { result = "suppression range" }
-}
+  override string getAnnotation() { result = "lgtm" }
 
-from SuppressionComment c
-select c, // suppression comment
-  c.getContents(), // text of suppression comment (excluding delimiters)
-  c.getAnnotation(), // text of suppression annotation
-  c.getScope() // scope of suppression
+  override predicate covers(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.hasLocationInfo(filepath, startline, _, endline, endcolumn) and
+    startcolumn = 1
+  }
+}
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index f82723bb46a..d5a5d007af0 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -6,6 +6,7 @@ groups:
 dependencies:
   codeql/python-all: ${workspace}
   codeql/suite-helpers: ${workspace}
+  codeql/util: ${workspace}
 suites: codeql-suites
 extractor: python
 defaultSuiteFile: codeql-suites/python-code-scanning.qls
diff --git a/python/ql/test/query-tests/analysis/suppression/AlertSuppression.expected b/python/ql/test/query-tests/analysis/suppression/AlertSuppression.expected
index 75452bfdd3a..8bad959b859 100644
--- a/python/ql/test/query-tests/analysis/suppression/AlertSuppression.expected
+++ b/python/ql/test/query-tests/analysis/suppression/AlertSuppression.expected
@@ -14,7 +14,9 @@
 | test.py:18:4:18:12 | Comment #    lgtm |     lgtm | lgtm | test.py:18:1:18:12 | suppression range |
 | test.py:19:4:19:31 | Comment # lgtm    [py/line-too-long] |  lgtm    [py/line-too-long] | lgtm    [py/line-too-long] | test.py:19:1:19:31 | suppression range |
 | test.py:20:4:20:14 | Comment # lgtm lgtm |  lgtm lgtm | lgtm | test.py:20:1:20:14 | suppression range |
+| test.py:23:1:23:41 | Comment #lgtm -- Ignore this -- No line or scope. | lgtm -- Ignore this -- No line or scope. | lgtm | test.py:23:1:23:41 | suppression range |
 | test.py:27:12:27:23 | Comment #lgtm [func] | lgtm [func] | lgtm [func] | test.py:27:1:27:23 | suppression range |
+| test.py:28:5:28:70 | Comment # lgtm -- Blank line (ignore for now, maybe scope wide in future). |  lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm | test.py:28:1:28:70 | suppression range |
 | test.py:29:17:29:35 | Comment # lgtm on docstring |  lgtm on docstring | lgtm | test.py:29:1:29:35 | suppression range |
 | test.py:30:16:30:47 | Comment #lgtm [py/duplicate-key-in-dict] | lgtm [py/duplicate-key-in-dict] | lgtm [py/duplicate-key-in-dict] | test.py:30:1:30:47 | suppression range |
 | test.py:35:10:35:21 | Comment # lgtm class |  lgtm class | lgtm | test.py:35:1:35:21 | suppression range |
@@ -22,6 +24,7 @@
 | test.py:39:4:39:8 | Comment #noqa | noqa | lgtm | test.py:39:1:39:8 | suppression range |
 | test.py:40:4:40:9 | Comment # noqa |  noqa | lgtm | test.py:40:1:40:9 | suppression range |
 | test.py:45:4:45:31 | Comment # noqa -- Some extra detail. |  noqa -- Some extra detail. | lgtm | test.py:45:1:45:31 | suppression range |
+| test.py:49:1:49:10 | Comment #LGTM-1929 | LGTM-1929 | LGTM | test.py:49:1:49:10 | suppression range |
 | test.py:50:34:50:117 | Comment # noqa: E501; (line too long) pylint: disable=invalid-name; lgtm [py/missing-equals] |  noqa: E501; (line too long) pylint: disable=invalid-name; lgtm [py/missing-equals] | lgtm [py/missing-equals] | test.py:50:1:50:117 | suppression range |
 | test.py:52:4:52:67 | Comment # noqa: E501; (line too long) pylint: disable=invalid-name; lgtm |  noqa: E501; (line too long) pylint: disable=invalid-name; lgtm | lgtm | test.py:52:1:52:67 | suppression range |
 | test.py:53:4:53:78 | Comment # random nonsense lgtm [py/missing-equals] and then some more commentary... |  random nonsense lgtm [py/missing-equals] and then some more commentary... | lgtm [py/missing-equals] | test.py:53:1:53:78 | suppression range |
@@ -47,13 +50,16 @@
 | testWindows.py:18:4:18:12 | Comment #    lgtm |     lgtm | lgtm | testWindows.py:18:1:18:12 | suppression range |
 | testWindows.py:19:4:19:31 | Comment # lgtm    [py/line-too-long] |  lgtm    [py/line-too-long] | lgtm    [py/line-too-long] | testWindows.py:19:1:19:31 | suppression range |
 | testWindows.py:20:4:20:14 | Comment # lgtm lgtm |  lgtm lgtm | lgtm | testWindows.py:20:1:20:14 | suppression range |
+| testWindows.py:23:1:23:41 | Comment #lgtm -- Ignore this -- No line or scope. | lgtm -- Ignore this -- No line or scope. | lgtm | testWindows.py:23:1:23:41 | suppression range |
 | testWindows.py:27:12:27:23 | Comment #lgtm [func] | lgtm [func] | lgtm [func] | testWindows.py:27:1:27:23 | suppression range |
+| testWindows.py:28:5:28:70 | Comment # lgtm -- Blank line (ignore for now, maybe scope wide in future). |  lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm | testWindows.py:28:1:28:70 | suppression range |
 | testWindows.py:29:17:29:35 | Comment # lgtm on docstring |  lgtm on docstring | lgtm | testWindows.py:29:1:29:35 | suppression range |
 | testWindows.py:30:16:30:47 | Comment #lgtm [py/duplicate-key-in-dict] | lgtm [py/duplicate-key-in-dict] | lgtm [py/duplicate-key-in-dict] | testWindows.py:30:1:30:47 | suppression range |
 | testWindows.py:35:10:35:21 | Comment # lgtm class |  lgtm class | lgtm | testWindows.py:35:1:35:21 | suppression range |
 | testWindows.py:36:21:36:33 | Comment # lgtm method |  lgtm method | lgtm | testWindows.py:36:1:36:33 | suppression range |
 | testWindows.py:39:3:39:7 | Comment #noqa | noqa | lgtm | testWindows.py:39:1:39:7 | suppression range |
 | testWindows.py:40:4:40:9 | Comment # noqa |  noqa | lgtm | testWindows.py:40:1:40:9 | suppression range |
+| testWindows.py:45:1:45:28 | Comment # noqa -- Some extra detail. |  noqa -- Some extra detail. | lgtm | testWindows.py:45:1:45:28 | suppression range |
 | testWindows.py:48:4:48:60 | Comment # lgtm[py/line-too-long] and lgtm[py/non-callable-called] |  lgtm[py/line-too-long] and lgtm[py/non-callable-called] | lgtm[py/line-too-long] | testWindows.py:48:1:48:60 | suppression range |
 | testWindows.py:48:4:48:60 | Comment # lgtm[py/line-too-long] and lgtm[py/non-callable-called] |  lgtm[py/line-too-long] and lgtm[py/non-callable-called] | lgtm[py/non-callable-called] | testWindows.py:48:1:48:60 | suppression range |
 | testWindows.py:49:4:49:33 | Comment # lgtm[py/line-too-long]; lgtm |  lgtm[py/line-too-long]; lgtm | lgtm | testWindows.py:49:1:49:33 | suppression range |

From f68e18cd9c5d210ee151fb4278e9c41e323be2e0 Mon Sep 17 00:00:00 2001
From: Arthur Baars <aibaars@github.com>
Date: Fri, 16 Dec 2022 14:32:41 +0100
Subject: [PATCH 75/93] Python: move AlertSuppression.ql

---
 python/config/suites/lgtm/python-queries-lgtm                   | 2 +-
 python/ql/src/{analysis => }/AlertSuppression.ql                | 0
 .../query-tests/analysis/suppression/AlertSuppression.qlref     | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename python/ql/src/{analysis => }/AlertSuppression.ql (100%)

diff --git a/python/config/suites/lgtm/python-queries-lgtm b/python/config/suites/lgtm/python-queries-lgtm
index d594366ae5f..3c77478acc6 100644
--- a/python/config/suites/lgtm/python-queries-lgtm
+++ b/python/config/suites/lgtm/python-queries-lgtm
@@ -1,6 +1,6 @@
 + semmlecode-python-queries/analysis/Definitions.ql
     @_namespace com.lgtm/python-queries
-+ semmlecode-python-queries/analysis/AlertSuppression.ql
++ semmlecode-python-queries/AlertSuppression.ql
     @_namespace com.lgtm/python-queries
 + semmlecode-python-queries/Filters/ClassifyFiles.ql
     @_namespace com.lgtm/python-queries
diff --git a/python/ql/src/analysis/AlertSuppression.ql b/python/ql/src/AlertSuppression.ql
similarity index 100%
rename from python/ql/src/analysis/AlertSuppression.ql
rename to python/ql/src/AlertSuppression.ql
diff --git a/python/ql/test/query-tests/analysis/suppression/AlertSuppression.qlref b/python/ql/test/query-tests/analysis/suppression/AlertSuppression.qlref
index 7837430fbf9..9d7833eccae 100644
--- a/python/ql/test/query-tests/analysis/suppression/AlertSuppression.qlref
+++ b/python/ql/test/query-tests/analysis/suppression/AlertSuppression.qlref
@@ -1 +1 @@
-analysis/AlertSuppression.ql
+AlertSuppression.ql

From 06736e3e91c8e4927e906a127f15e1008084324b Mon Sep 17 00:00:00 2001
From: Arthur Baars <aibaars@github.com>
Date: Fri, 16 Dec 2022 18:52:00 +0100
Subject: [PATCH 76/93] Add .gitattributes for Windows test files

---
 csharp/ql/test/query-tests/AlertSuppression/.gitattributes | 1 +
 go/ql/test/query-tests/AlertSuppression/.gitattributes     | 1 +
 ruby/ql/test/query-tests/AlertSuppression/.gitattributes   | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 csharp/ql/test/query-tests/AlertSuppression/.gitattributes
 create mode 100644 go/ql/test/query-tests/AlertSuppression/.gitattributes

diff --git a/csharp/ql/test/query-tests/AlertSuppression/.gitattributes b/csharp/ql/test/query-tests/AlertSuppression/.gitattributes
new file mode 100644
index 00000000000..ab4be0ef713
--- /dev/null
+++ b/csharp/ql/test/query-tests/AlertSuppression/.gitattributes
@@ -0,0 +1 @@
+AlertSuppressionWindows.cs eol=crlf
diff --git a/go/ql/test/query-tests/AlertSuppression/.gitattributes b/go/ql/test/query-tests/AlertSuppression/.gitattributes
new file mode 100644
index 00000000000..d71f241c6e8
--- /dev/null
+++ b/go/ql/test/query-tests/AlertSuppression/.gitattributes
@@ -0,0 +1 @@
+tstWindows.go eol=crlf
diff --git a/ruby/ql/test/query-tests/AlertSuppression/.gitattributes b/ruby/ql/test/query-tests/AlertSuppression/.gitattributes
index 7ed66a396cf..bb82b07a77c 100644
--- a/ruby/ql/test/query-tests/AlertSuppression/.gitattributes
+++ b/ruby/ql/test/query-tests/AlertSuppression/.gitattributes
@@ -1 +1 @@
-TestWindows.java eol=crlf
+TestWindows.rb eol=crlf

From 7549915773b6eeb6941dbb59d2b792f8f78a3d39 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema <jketema@github.com>
Date: Mon, 19 Dec 2022 12:52:35 +0100
Subject: [PATCH 77/93] C++: Accept test changes

---
 .../CWE-022/semmle/tests/TaintedPath.expected | 11 ++++----
 .../semmle/ExecTainted/ExecTainted.expected   |  6 ++---
 .../semmle/tests/OverflowDestination.expected |  8 +++---
 .../ImproperArrayIndexValidation.expected     | 14 +++++-----
 .../TaintedAllocationSize.expected            | 26 +++++++++----------
 .../tests/CleartextBufferWrite.expected       |  6 ++---
 6 files changed, 35 insertions(+), 36 deletions(-)

diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
index f4bf42b031f..97f44e15e79 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
@@ -1,12 +1,11 @@
 edges
-| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName indirection |
-| test.c:31:22:31:25 | argv | test.c:32:11:32:18 | fileName indirection |
+| test.c:8:27:8:30 | argv | test.c:17:11:17:18 | fileName indirection |
+| test.c:8:27:8:30 | argv | test.c:32:11:32:18 | fileName indirection |
 | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | fileName indirection |
 | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | fileName indirection |
 nodes
-| test.c:9:23:9:26 | argv | semmle.label | argv |
+| test.c:8:27:8:30 | argv | semmle.label | argv |
 | test.c:17:11:17:18 | fileName indirection | semmle.label | fileName indirection |
-| test.c:31:22:31:25 | argv | semmle.label | argv |
 | test.c:32:11:32:18 | fileName indirection | semmle.label | fileName indirection |
 | test.c:37:17:37:24 | scanf output argument | semmle.label | scanf output argument |
 | test.c:38:11:38:18 | fileName indirection | semmle.label | fileName indirection |
@@ -14,7 +13,7 @@ nodes
 | test.c:44:11:44:18 | fileName indirection | semmle.label | fileName indirection |
 subpaths
 #select
-| test.c:17:11:17:18 | fileName | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:9:23:9:26 | argv | user input (a command-line argument) |
-| test.c:32:11:32:18 | fileName | test.c:31:22:31:25 | argv | test.c:32:11:32:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:31:22:31:25 | argv | user input (a command-line argument) |
+| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv | test.c:17:11:17:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv | user input (a command-line argument) |
+| test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | argv | test.c:32:11:32:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv | user input (a command-line argument) |
 | test.c:38:11:38:18 | fileName | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:37:17:37:24 | scanf output argument | user input (value read by scanf) |
 | test.c:44:11:44:18 | fileName | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:43:17:43:24 | scanf output argument | user input (value read by scanf) |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
index 20be1550401..7df605d6b1c 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
@@ -1,5 +1,5 @@
 edges
-| test.cpp:16:20:16:23 | argv | test.cpp:22:45:22:52 | userName indirection |
+| test.cpp:15:27:15:30 | argv | test.cpp:22:45:22:52 | userName indirection |
 | test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | command1 indirection |
 | test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument |
 | test.cpp:47:21:47:26 | call to getenv | test.cpp:50:35:50:43 | envCflags indirection |
@@ -74,7 +74,7 @@ edges
 | test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
 | test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
 nodes
-| test.cpp:16:20:16:23 | argv | semmle.label | argv |
+| test.cpp:15:27:15:30 | argv | semmle.label | argv |
 | test.cpp:22:13:22:20 | sprintf output argument | semmle.label | sprintf output argument |
 | test.cpp:22:45:22:52 | userName indirection | semmle.label | userName indirection |
 | test.cpp:23:12:23:19 | command1 indirection | semmle.label | command1 indirection |
@@ -161,7 +161,7 @@ subpaths
 | test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
 | test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
 #select
-| test.cpp:23:12:23:19 | command1 | test.cpp:16:20:16:23 | argv | test.cpp:23:12:23:19 | command1 indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:16:20:16:23 | argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
+| test.cpp:23:12:23:19 | command1 | test.cpp:15:27:15:30 | argv | test.cpp:23:12:23:19 | command1 indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:15:27:15:30 | argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
 | test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv | test.cpp:51:10:51:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | call to getenv | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
 | test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (string read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
 | test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (string read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
index 651dd4d1ac8..6a183de8d21 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
@@ -1,6 +1,6 @@
 edges
-| main.cpp:7:33:7:36 | argv | main.cpp:7:33:7:36 | argv |
-| main.cpp:7:33:7:36 | argv | main.cpp:7:33:7:36 | argv indirection |
+| main.cpp:6:27:6:30 | argv | main.cpp:7:33:7:36 | argv |
+| main.cpp:6:27:6:30 | argv | main.cpp:7:33:7:36 | argv indirection |
 | main.cpp:7:33:7:36 | argv | overflowdestination.cpp:23:45:23:48 | argv |
 | main.cpp:7:33:7:36 | argv indirection | overflowdestination.cpp:23:45:23:48 | *argv |
 | overflowdestination.cpp:23:45:23:48 | *argv | overflowdestination.cpp:30:17:30:20 | (const char *)... |
@@ -22,7 +22,7 @@ edges
 | overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src |
 | overflowdestination.cpp:76:30:76:32 | src indirection | overflowdestination.cpp:57:52:57:54 | *src |
 nodes
-| main.cpp:7:33:7:36 | argv | semmle.label | argv |
+| main.cpp:6:27:6:30 | argv | semmle.label | argv |
 | main.cpp:7:33:7:36 | argv | semmle.label | argv |
 | main.cpp:7:33:7:36 | argv indirection | semmle.label | argv indirection |
 | overflowdestination.cpp:23:45:23:48 | *argv | semmle.label | *argv |
@@ -46,7 +46,7 @@ nodes
 subpaths
 | overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | ReturnIndirection | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
 #select
-| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:7:33:7:36 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
+| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
 | overflowdestination.cpp:46:2:46:7 | call to memcpy | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
 | overflowdestination.cpp:53:2:53:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:53:15:53:17 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
 | overflowdestination.cpp:64:2:64:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:64:16:64:19 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
index d0cdade3128..721db6b35f1 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
@@ -1,7 +1,7 @@
 edges
-| test1.c:8:16:8:19 | argv | test1.c:9:9:9:9 | i |
-| test1.c:8:16:8:19 | argv | test1.c:11:9:11:9 | i |
-| test1.c:8:16:8:19 | argv | test1.c:13:9:13:9 | i |
+| test1.c:7:26:7:29 | argv | test1.c:9:9:9:9 | i |
+| test1.c:7:26:7:29 | argv | test1.c:11:9:11:9 | i |
+| test1.c:7:26:7:29 | argv | test1.c:13:9:13:9 | i |
 | test1.c:9:9:9:9 | i | test1.c:16:16:16:16 | i |
 | test1.c:11:9:11:9 | i | test1.c:32:16:32:16 | i |
 | test1.c:13:9:13:9 | i | test1.c:48:16:48:16 | i |
@@ -9,7 +9,7 @@ edges
 | test1.c:32:16:32:16 | i | test1.c:33:11:33:11 | i |
 | test1.c:48:16:48:16 | i | test1.c:53:15:53:15 | j |
 nodes
-| test1.c:8:16:8:19 | argv | semmle.label | argv |
+| test1.c:7:26:7:29 | argv | semmle.label | argv |
 | test1.c:9:9:9:9 | i | semmle.label | i |
 | test1.c:11:9:11:9 | i | semmle.label | i |
 | test1.c:13:9:13:9 | i | semmle.label | i |
@@ -21,6 +21,6 @@ nodes
 | test1.c:53:15:53:15 | j | semmle.label | j |
 subpaths
 #select
-| test1.c:18:16:18:16 | i | test1.c:8:16:8:19 | argv | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
-| test1.c:33:11:33:11 | i | test1.c:8:16:8:19 | argv | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
-| test1.c:53:15:53:15 | j | test1.c:8:16:8:19 | argv | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
+| test1.c:18:16:18:16 | i | test1.c:7:26:7:29 | argv | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv | a command-line argument |
+| test1.c:33:11:33:11 | i | test1.c:7:26:7:29 | argv | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv | a command-line argument |
+| test1.c:53:15:53:15 | j | test1.c:7:26:7:29 | argv | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv | a command-line argument |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
index c949b863bac..dc9f30b0a05 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
@@ -1,10 +1,10 @@
 edges
-| test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted |
-| test.cpp:40:21:40:24 | argv | test.cpp:44:38:44:63 | ... * ... |
-| test.cpp:40:21:40:24 | argv | test.cpp:46:38:46:63 | ... + ... |
-| test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size |
-| test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size |
-| test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted |
+| test.cpp:39:27:39:30 | argv | test.cpp:44:38:44:63 | ... * ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:46:38:46:63 | ... + ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | size |
+| test.cpp:39:27:39:30 | argv | test.cpp:50:26:50:29 | size |
+| test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... |
 | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... |
 | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... |
 | test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... |
@@ -26,7 +26,7 @@ edges
 | test.cpp:289:17:289:20 | size [post update] | test.cpp:291:11:291:28 | ... * ... |
 | test.cpp:305:18:305:21 | size [post update] | test.cpp:308:10:308:27 | ... * ... |
 nodes
-| test.cpp:40:21:40:24 | argv | semmle.label | argv |
+| test.cpp:39:27:39:30 | argv | semmle.label | argv |
 | test.cpp:43:38:43:44 | tainted | semmle.label | tainted |
 | test.cpp:44:38:44:63 | ... * ... | semmle.label | ... * ... |
 | test.cpp:46:38:46:63 | ... + ... | semmle.label | ... + ... |
@@ -60,12 +60,12 @@ nodes
 | test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... |
 subpaths
 #select
-| test.cpp:43:31:43:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
-| test.cpp:44:31:44:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
-| test.cpp:46:31:46:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:46:38:46:63 | ... + ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
-| test.cpp:49:25:49:30 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
-| test.cpp:50:17:50:30 | new[] | test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
-| test.cpp:53:21:53:27 | call to realloc | test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
+| test.cpp:43:31:43:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
+| test.cpp:44:31:44:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
+| test.cpp:46:31:46:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:46:38:46:63 | ... + ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
+| test.cpp:49:25:49:30 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
+| test.cpp:50:17:50:30 | new[] | test.cpp:39:27:39:30 | argv | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
+| test.cpp:53:21:53:27 | call to realloc | test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
 | test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:23 | call to getenv | user input (an environment variable) |
 | test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:133:19:133:24 | call to getenv | user input (an environment variable) |
 | test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:148:20:148:25 | call to getenv | user input (an environment variable) |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected
index 23850de9418..8cece3f45f5 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected
@@ -1,10 +1,10 @@
 edges
-| test.cpp:54:17:54:20 | argv | test.cpp:58:25:58:29 | input |
+| test.cpp:53:27:53:30 | argv | test.cpp:58:25:58:29 | input |
 nodes
 | test2.cpp:110:3:110:6 | call to gets | semmle.label | call to gets |
-| test.cpp:54:17:54:20 | argv | semmle.label | argv |
+| test.cpp:53:27:53:30 | argv | semmle.label | argv |
 | test.cpp:58:25:58:29 | input | semmle.label | input |
 subpaths
 #select
 | test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | This write into buffer 'password' may contain unencrypted data from $@. | test2.cpp:110:3:110:6 | call to gets | user input (string read by gets) |
-| test.cpp:58:3:58:9 | call to sprintf | test.cpp:54:17:54:20 | argv | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:54:17:54:20 | argv | user input (a command-line argument) |
+| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv | user input (a command-line argument) |

From ed33b905a6e65131be950fc2c736f620dc9e603a Mon Sep 17 00:00:00 2001
From: Jeroen Ketema <jketema@github.com>
Date: Mon, 19 Dec 2022 12:54:16 +0100
Subject: [PATCH 78/93] C++: Simplify `cpp/path-injection` now `argv` sources
 are parameters

---
 cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql | 2 --
 1 file changed, 2 deletions(-)

diff --git a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
index f000e25df52..cbae4baad84 100644
--- a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
+++ b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
@@ -91,8 +91,6 @@ class TaintedPathConfiguration extends TaintTracking::Configuration {
     )
   }
 
-  override predicate isSanitizerIn(DataFlow::Node node) { this.isSource(node) }
-
   override predicate isSanitizer(DataFlow::Node node) {
     node.asExpr().(Call).getTarget().getUnspecifiedType() instanceof ArithmeticType
     or

From edd29f4b0ed9a9efc7c0b90710ef2489f090a8ba Mon Sep 17 00:00:00 2001
From: Jeroen Ketema <jketema@github.com>
Date: Mon, 19 Dec 2022 13:50:50 +0100
Subject: [PATCH 79/93] C++: Add change note

---
 .../change-notes/2022-12-19-argv-as-parameter-flowsource.md   | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 cpp/ql/lib/change-notes/2022-12-19-argv-as-parameter-flowsource.md

diff --git a/cpp/ql/lib/change-notes/2022-12-19-argv-as-parameter-flowsource.md b/cpp/ql/lib/change-notes/2022-12-19-argv-as-parameter-flowsource.md
new file mode 100644
index 00000000000..2bf899cffe5
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2022-12-19-argv-as-parameter-flowsource.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `ArgvSource` flow source now uses the second parameter of `main` as its source instead of the uses of this parameter.

From af6085123301a2cb0591356169f952a20b343c8c Mon Sep 17 00:00:00 2001
From: James Fletcher <42464962+jf205@users.noreply.github.com>
Date: Mon, 19 Dec 2022 12:52:32 +0000
Subject: [PATCH 80/93] Update query-classification-and-display.md

Removes the section about queries run on LGTM.com.
---
 docs/query-classification-and-display.md | 25 ------------------------
 1 file changed, 25 deletions(-)

diff --git a/docs/query-classification-and-display.md b/docs/query-classification-and-display.md
index 8f819512b3c..7a417c1f0fa 100644
--- a/docs/query-classification-and-display.md
+++ b/docs/query-classification-and-display.md
@@ -74,28 +74,3 @@ results it is supposed to find, i.e., how well it implements its
 on what we consider that rule to be. We generally try to sharpen our
 rules to focus on results that a developer might actually be interested
 in.
-
-## Which queries to run and display on LGTM
-
-The following queries are run:
-
-Precision:     | very-high | high    | medium  | low
----------------|-----------|---------|---------|----
-Error          | **Yes**   | **Yes** | **Yes** | No
-Warning        | **Yes**   | **Yes** | **Yes** | No
-Recommendation | **Yes**   | **Yes** | No      | No
-
-The following queries have their results displayed by default:
-
-Precision:     | very-high | high    | medium | low
----------------|-----------|---------|--------|----
-Error          | **Yes**   | **Yes** | No     | No
-Warning        | **Yes**   | **Yes** | No     | No
-Recommendation | **Yes**   | No      | No     | No
-  
-Results for queries that are run but not displayed by default can be
-made visible by editing the project configuration.
-  
-Queries from custom query packs (in-repo or site-wide) are always run
-and displayed by default. They can be hidden by editing the project
-config, and "disabled" by removing them from the query pack.

From 75b63bbb0eb567d6838e406cf1f47c891d797062 Mon Sep 17 00:00:00 2001
From: James Fletcher <42464962+jf205@users.noreply.github.com>
Date: Mon, 19 Dec 2022 13:11:31 +0000
Subject: [PATCH 81/93] Update supported-queries.md

Removes mentions of LGTM.
---
 docs/supported-queries.md | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/docs/supported-queries.md b/docs/supported-queries.md
index 2393ade24f5..59521265a1c 100644
--- a/docs/supported-queries.md
+++ b/docs/supported-queries.md
@@ -34,12 +34,8 @@ The process must begin with the first step and must conclude with the final step
 
    Test the query on a number of large real-world projects to make sure it doesn't give too many false positive results. Adjust the `@precision` and `@problem.severity` attributes in accordance with the real-world results you observe. See the advice on query metadata below.
 
-   You can use the LGTM.com [query console](https://lgtm.com/query) to get an overview of true and false positive results on a large number of projects. The simplest way to do this is to:
-
-   1. [Create a list of prominent projects](https://lgtm.com/help/lgtm/managing-project-lists) on LGTM.
-   2. In the query console, [run your query against your custom project list](https://lgtm.com/help/lgtm/using-query-console).
-   3. Save links to your query console results and include them in discussions on issues and pull requests.
-
+   GitHub is running a private beta test of a new feature for testing CodeQL queries at scale from VS Code. To request access to the beta program, please respond to this [GitHub Discussion](https://github.com/orgs/community/discussions/40453).
+   
 5. **Test and improve performance**
 
    There must be a balance between the execution time of a query and the value of its results: queries that are highly valuable and broadly applicable can be allowed to take longer to run. In all cases, you need to address any easy-to-fix performance issues before the query is put into production.
@@ -62,8 +58,6 @@ The process must begin with the first step and must conclude with the final step
 
       - The severity is one of `error`, `warning`, or `recommendation`.
       - The precision is one of `very-high`, `high`, `medium` or `low`. It may take a few iterations to get this right.
-      - Currently, LGTM runs all `error` or `warning` queries with a `very-high`, `high`, or `medium` precision. In addition, `recommendation` queries with `very-high` or `high` precision are run.
-      - However, results from `error` and `warning` queries with `medium` precision, as well as `recommendation` queries with `high` precision, are not shown by default.
 
    c. All queries need an `@id`.
 

From 2ca56e0c1ef976e43d17d438c7b09e98965cca29 Mon Sep 17 00:00:00 2001
From: Chris Smowton <smowton@github.com>
Date: Thu, 15 Dec 2022 12:14:37 +0000
Subject: [PATCH 82/93] Java: handle printing an empty comment (/**/); add
 relevant tests

---
 .../2022-12-15-empty-multiline-comments.md           |  4 ++++
 java/ql/lib/semmle/code/java/Javadoc.qll             |  8 ++++++--
 .../ql/test/library-tests/comments/PrintAst.expected | 12 ++++++++++++
 java/ql/test/library-tests/comments/Test.java        |  7 +++++++
 .../ql/test/library-tests/comments/toString.expected |  3 +++
 5 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 java/ql/lib/change-notes/2022-12-15-empty-multiline-comments.md

diff --git a/java/ql/lib/change-notes/2022-12-15-empty-multiline-comments.md b/java/ql/lib/change-notes/2022-12-15-empty-multiline-comments.md
new file mode 100644
index 00000000000..b58bcd39d89
--- /dev/null
+++ b/java/ql/lib/change-notes/2022-12-15-empty-multiline-comments.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* We now correctly handle empty block comments, like `/**/`. Previously these could be mistaken for Javadoc comments and led to attribution of Javadoc tags to the wrong declaration.
diff --git a/java/ql/lib/semmle/code/java/Javadoc.qll b/java/ql/lib/semmle/code/java/Javadoc.qll
index 23137d3619f..f14d8776ddc 100644
--- a/java/ql/lib/semmle/code/java/Javadoc.qll
+++ b/java/ql/lib/semmle/code/java/Javadoc.qll
@@ -33,7 +33,11 @@ class Javadoc extends JavadocParent, @javadoc {
   string getAuthor() { result = this.getATag("@author").getChild(0).toString() }
 
   override string toString() {
-    result = this.toStringPrefix() + this.getChild(0) + this.toStringPostfix()
+    exists(string childStr |
+      if exists(this.getChild(0)) then childStr = this.getChild(0).toString() else childStr = ""
+    |
+      result = this.toStringPrefix() + childStr + this.toStringPostfix()
+    )
   }
 
   private string toStringPrefix() {
@@ -48,7 +52,7 @@ class Javadoc extends JavadocParent, @javadoc {
     if isEolComment(this)
     then result = ""
     else (
-      if strictcount(this.getAChild()) = 1 then result = " */" else result = " ... */"
+      if strictcount(this.getAChild()) > 1 then result = " ... */" else result = " */"
     )
   }
 
diff --git a/java/ql/test/library-tests/comments/PrintAst.expected b/java/ql/test/library-tests/comments/PrintAst.expected
index be018582311..22280572238 100644
--- a/java/ql/test/library-tests/comments/PrintAst.expected
+++ b/java/ql/test/library-tests/comments/PrintAst.expected
@@ -14,6 +14,18 @@ Test.java:
 #   21|     3: [Method] test
 #   21|       3: [TypeAccess] void
 #   21|       5: [BlockStmt] { ... }
+#   23|     4: [Method] method1
+#   23|       3: [TypeAccess] void
+#   23|       5: [BlockStmt] { ... }
+#   24|     5: [Method] method2
+#   24|       3: [TypeAccess] void
+#   24|       5: [BlockStmt] { ... }
+#   28|     6: [Method] method3
+#-----|       0: (Javadoc)
+#   25|         1: [Javadoc] /** JavaDoc for method3 */
+#   26|           0: [JavadocText] JavaDoc for method3
+#   28|       3: [TypeAccess] void
+#   28|       5: [BlockStmt] { ... }
 TestWindows.java:
 #    0| [CompilationUnit] TestWindows
 #    5|   1: [Class] TestWindows
diff --git a/java/ql/test/library-tests/comments/Test.java b/java/ql/test/library-tests/comments/Test.java
index 4f4fdb5b8f3..54e8a4e6ec3 100644
--- a/java/ql/test/library-tests/comments/Test.java
+++ b/java/ql/test/library-tests/comments/Test.java
@@ -19,4 +19,11 @@ class Test {
 	// an end-of-line comment with trailing whitespace        
 	//an end-of-line comment without a leading space
 	void test() {} // an end-of-line comment with preceding code
+
+        void method1() { /**/ } // A block comment containing the /** JavaDoc prefix }
+        void method2() { }
+        /**
+         * JavaDoc for method3
+         */
+        void method3() { }
 }
diff --git a/java/ql/test/library-tests/comments/toString.expected b/java/ql/test/library-tests/comments/toString.expected
index f54af1cc996..27a8b6f8273 100644
--- a/java/ql/test/library-tests/comments/toString.expected
+++ b/java/ql/test/library-tests/comments/toString.expected
@@ -8,6 +8,9 @@
 | Test.java:19:2:19:59 | // an end-of-line comment with trailing whitespace         |
 | Test.java:20:2:20:49 | //an end-of-line comment without a leading space |
 | Test.java:21:17:21:61 | // an end-of-line comment with preceding code |
+| Test.java:23:26:23:29 | /*  */ |
+| Test.java:23:33:23:86 | // A block comment containing the /** JavaDoc prefix } |
+| Test.java:25:9:27:11 | /** JavaDoc for method3 */ |
 | TestWindows.java:1:1:4:3 | /** A JavaDoc comment ... */ |
 | TestWindows.java:6:2:6:45 | /** A JavaDoc comment with a single line. */ |
 | TestWindows.java:8:3:8:27 | // a single-line comment |

From 682bf6d3a786d85acaa08940536a0f40e2ee6f20 Mon Sep 17 00:00:00 2001
From: Arthur Baars <aibaars@github.com>
Date: Mon, 19 Dec 2022 14:16:05 +0100
Subject: [PATCH 83/93] Apply suggestions from code review

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
---
 javascript/ql/src/AlertSuppression.ql | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/javascript/ql/src/AlertSuppression.ql b/javascript/ql/src/AlertSuppression.ql
index 5d1aa6a5e29..233e6e4047c 100644
--- a/javascript/ql/src/AlertSuppression.ql
+++ b/javascript/ql/src/AlertSuppression.ql
@@ -6,15 +6,15 @@
  */
 
 private import codeql.suppression.AlertSuppression as AS
-private import semmle.javascript.Locations as L
+private import javascript as JS
 
 class SingleLineComment extends L::Locatable {
   private string text;
 
   SingleLineComment() {
     (
-      text = this.(L::Comment).getText() or
-      text = this.(L::HTML::CommentNode).getText()
+      text = this.(JS::Comment).getText() or
+      text = this.(JS::HTML::CommentNode).getText()
     ) and
     // suppression comments must be single-line
     not text.matches("%\n%")

From 23047d8246d84b3a2c127637701524cfac898205 Mon Sep 17 00:00:00 2001
From: James Fletcher <42464962+jf205@users.noreply.github.com>
Date: Mon, 19 Dec 2022 13:24:52 +0000
Subject: [PATCH 84/93] Delete query-classification-and-display.md

---
 docs/query-classification-and-display.md | 76 ------------------------
 1 file changed, 76 deletions(-)
 delete mode 100644 docs/query-classification-and-display.md

diff --git a/docs/query-classification-and-display.md b/docs/query-classification-and-display.md
deleted file mode 100644
index 7a417c1f0fa..00000000000
--- a/docs/query-classification-and-display.md
+++ /dev/null
@@ -1,76 +0,0 @@
-# Query classification and display
-
-## Attributable Queries
-
-The results of some queries are unsuitable for attribution to individual
-developers. Most of them have a threshold value on which they trigger,
-for example all metric violations and statistics based queries. The
-results of such queries would all be attributed to the person pushing
-the value over (or under) the threshold. Some queries only trigger when
-another one doesn't. An example of this is the MaybeNull query which
-only triggers if the AlwaysNull query doesn't. A small change in the
-data flow could make an alert switch from AlwaysNull to MaybeNull (or
-vice versa). As a result we attribute both a fix and an introduction to
-the developer that changed the data flow. For this particular example
-the funny attribution results are more a nuisance than a real problem;
-the overall alert count remains unchanged. However, for the duplicate
-and similar code queries the effects can be much more severe, as they
-come in versions for "duplicate file" and "duplicate function" among
-many others, where "duplicate function" only triggers if "duplicate
-file" didn't. As a result adding some code to a duplicate file might
-result in a "fix" of a "duplicate file" alert and an introduction of
-many "duplicate function" alerts. This would be highly unfair.
-Currently, only the duplicate and similar code queries exhibit this
-"exchanging one for many" alerts when trying to attribute their results.
-Therefore we currently exclude all duplicate code related alerts from
-attribution.
-
-The following queries are excluded from attribution:
-
-- Metric violations, i.e. the ones with metadata properties like
-  `@(error|warning|recommendation)-(to|from)`
-- Queries with tag `non-attributable`
-
-This check is applied when the results of a single attribution are
-loaded into the datastore. This means that any change to this behaviour
-will only take effect on newly attributed revisions but the historical
-data remains unchanged.
-
-## Query severity and precision
-
-We currently classify queries on two axes, with some additional tags.
-Those axes are severity and precision, and are defined using the
-query-metadata properties `@problem.severity` and `@precision`.
-
-For severity, we have the following categories:
-
-- Error
-- Warning
-- Recommendation
-
-These categories may change in the future.
-
-For precision, we have the following categories:
-
-- very-high
-- high
-- medium
-- low
-
-As [usual](https://en.wikipedia.org/wiki/Precision_and_recall),
-precision is defined as the percentage of query results that are true
-positives, i.e., precision = number of true positives / (number of true
-positives + number of false positives). There is no hard-and-fast rule
-for which precision ranges correspond to which categories.
-
-We expect these categories to remain unchanged for the foreseeable
-future.
-
-### A note on precision
-
-Intuitively, precision measures how well the query performs at finding the
-results it is supposed to find, i.e., how well it implements its
-(informal, unwritten) rule. So how precise a query is depends very much
-on what we consider that rule to be. We generally try to sharpen our
-rules to focus on results that a developer might actually be interested
-in.

From d0af30b40aa6d5d4ada707512836dc63274deeec Mon Sep 17 00:00:00 2001
From: erik-krogh <erik-krogh@github.com>
Date: Mon, 19 Dec 2022 14:28:01 +0100
Subject: [PATCH 85/93] cleanup the implementation of `toString()` for
 `SuperCall

---
 ruby/ql/lib/codeql/ruby/ast/Call.qll | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/ruby/ql/lib/codeql/ruby/ast/Call.qll b/ruby/ql/lib/codeql/ruby/ast/Call.qll
index fc8ee692235..8bc5f6ff877 100644
--- a/ruby/ql/lib/codeql/ruby/ast/Call.qll
+++ b/ruby/ql/lib/codeql/ruby/ast/Call.qll
@@ -125,11 +125,7 @@ class MethodCall extends Call instanceof MethodCallImpl {
    */
   final predicate isSafeNavigation() { super.isSafeNavigationImpl() }
 
-  override string toString() {
-    if this instanceof SuperCall
-    then result = "super call to " + this.getMethodName()
-    else result = "call to " + this.getMethodName()
-  }
+  override string toString() { result = "call to " + this.getMethodName() }
 
   override AstNode getAChild(string pred) {
     result = Call.super.getAChild(pred)
@@ -214,6 +210,8 @@ class YieldCall extends Call instanceof YieldCallImpl {
  */
 class SuperCall extends MethodCall instanceof SuperCallImpl {
   final override string getAPrimaryQlClass() { result = "SuperCall" }
+
+  override string toString() { result = "super call to " + this.getMethodName() }
 }
 
 /**

From 8be882f815de07f3d50ca358bd22c9ea3c8add91 Mon Sep 17 00:00:00 2001
From: Arthur Baars <aibaars@github.com>
Date: Mon, 19 Dec 2022 14:35:16 +0100
Subject: [PATCH 86/93] Update javascript/ql/src/AlertSuppression.ql

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
---
 javascript/ql/src/AlertSuppression.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/javascript/ql/src/AlertSuppression.ql b/javascript/ql/src/AlertSuppression.ql
index 233e6e4047c..f2ac1624c32 100644
--- a/javascript/ql/src/AlertSuppression.ql
+++ b/javascript/ql/src/AlertSuppression.ql
@@ -8,7 +8,7 @@
 private import codeql.suppression.AlertSuppression as AS
 private import javascript as JS
 
-class SingleLineComment extends L::Locatable {
+class SingleLineComment extends JS::Locatable {
   private string text;
 
   SingleLineComment() {

From 0c6ace350fd8c17afdba1a1fc957d75a143d0c4e Mon Sep 17 00:00:00 2001
From: Tony Torralba <atorralba@users.noreply.github.com>
Date: Mon, 19 Dec 2022 16:24:39 +0100
Subject: [PATCH 87/93] Update
 java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
---
 .../Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
index d27267fc02c..d42f956fc3d 100644
--- a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
@@ -1,6 +1,6 @@
 /**
  * @name Android missing certificate pinning
- * @description Network connections that do not use certificate pinning may allow attackers to eavesdrop communications.
+ * @description Network connections that do not use certificate pinning may allow attackers to eavesdrop on communications.
  * @kind problem
  * @problem.severity warning
  * @security-severity 5.9

From 0c710479ec4c01a3952eb5a444a917db8ddc5836 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema <jketema@github.com>
Date: Mon, 19 Dec 2022 16:35:24 +0100
Subject: [PATCH 88/93] C++: Update experimental test changes

---
 .../Security/CWE/CWE-078/WordexpTainted.expected       | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected
index a8d7a480c81..b9b424f4513 100644
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected
@@ -1,11 +1,11 @@
 edges
-| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | (const char *)... |
-| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath |
+| test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | (const char *)... |
+| test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | filePath |
 nodes
-| test.cpp:23:20:23:23 | argv | semmle.label | argv |
+| test.cpp:22:27:22:30 | argv | semmle.label | argv |
 | test.cpp:29:13:29:20 | (const char *)... | semmle.label | (const char *)... |
 | test.cpp:29:13:29:20 | filePath | semmle.label | filePath |
 subpaths
 #select
-| test.cpp:29:13:29:20 | (const char *)... | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | (const char *)... | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. |
-| test.cpp:29:13:29:20 | filePath | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. |
+| test.cpp:29:13:29:20 | (const char *)... | test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | (const char *)... | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. |
+| test.cpp:29:13:29:20 | filePath | test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. |

From 624c9ff8345b97ed2f0ac1ef318cdc1d91671517 Mon Sep 17 00:00:00 2001
From: Tony Torralba <atorralba@users.noreply.github.com>
Date: Mon, 19 Dec 2022 17:26:41 +0100
Subject: [PATCH 89/93] Update
 java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java

---
 .../Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java
index 78d80ea882f..d7d9f80265c 100644
--- a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java
@@ -1,2 +1,2 @@
-// BAD - By default, this network cal does not use certificate pinning
+// BAD - By default, this network call does not use certificate pinning
 URLConnection conn = new URL("https://example.com").openonnection();
\ No newline at end of file

From a47ef17a0d06ec85acdd3c3e8143253b0bcec3c6 Mon Sep 17 00:00:00 2001
From: Tony Torralba <atorralba@users.noreply.github.com>
Date: Mon, 19 Dec 2022 18:11:54 +0100
Subject: [PATCH 90/93] Update
 java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java

Co-authored-by: Edward Minnix III <egregius313@github.com>
---
 .../Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java
index d7d9f80265c..22b6f176f66 100644
--- a/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java
+++ b/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning1.java
@@ -1,2 +1,2 @@
 // BAD - By default, this network call does not use certificate pinning
-URLConnection conn = new URL("https://example.com").openonnection();
\ No newline at end of file
+URLConnection conn = new URL("https://example.com").openConnection();
\ No newline at end of file

From 35000e5d7e7ed6720ac16c5ecb5a3d4abb82d7f5 Mon Sep 17 00:00:00 2001
From: Sid Shankar <sidshank@github.com>
Date: Mon, 19 Dec 2022 20:12:23 +0000
Subject: [PATCH 91/93] Remove LGTM reference from CONTRIBUTING.md

---
 go/CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go/CONTRIBUTING.md b/go/CONTRIBUTING.md
index 1b4868b9dba..e9f234d27f4 100644
--- a/go/CONTRIBUTING.md
+++ b/go/CONTRIBUTING.md
@@ -44,7 +44,7 @@ Follow the steps below to help other users understand what your query does, and
 
 4. **Make sure the `select` statement is compatible with the query type**
 
-   The `select` statement of your query must be compatible with the query type (determined by the `@kind` metadata property) for alert or path results to be displayed correctly in LGTM and Visual Studio Code.
+   The `select` statement of your query must be compatible with the query type (determined by the `@kind` metadata property) for alert or path results to be displayed correctly in query results.
    For more information on `select` statement format, see [About CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/#select-clause) on codeql.github.com.
 
 5. **Write a query help file**

From ae3e25786f883afe2e1da8a478fa48d1f2302c22 Mon Sep 17 00:00:00 2001
From: Sid Shankar <sidshank@github.com>
Date: Mon, 19 Dec 2022 20:51:01 +0000
Subject: [PATCH 92/93] Remove LGTM references from README.md + cleanup

---
 go/README.md | 18 +++---------------
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/go/README.md b/go/README.md
index 6569eec3da9..b7c4d5cb98e 100644
--- a/go/README.md
+++ b/go/README.md
@@ -1,8 +1,7 @@
 # Go analysis support for CodeQL
 
-This open-source repository contains the extractor, CodeQL libraries, and queries that power Go
-support in [LGTM](https://lgtm.com) and the other CodeQL products that [GitHub](https://github.com)
-makes available to its customers worldwide.
+This sub-folder contains the extractor, CodeQL libraries, and queries that power Go
+support for CodeQL.
 
 It contains two major components:
   - an extractor, itself written in Go, that parses Go source code and converts it into a database
@@ -10,11 +9,6 @@ It contains two major components:
   - static analysis libraries and queries written in [CodeQL](https://codeql.github.com/docs/) that can be
     used to analyze such a database to find coding mistakes or security vulnerabilities.
 
-The goal of this project is to provide comprehensive static analysis support for Go in CodeQL.
-
-For the queries and libraries that power CodeQL support for other languages, visit [the CodeQL
-repository](https://github.com/github/codeql).
-
 ## Installation
 
 Clone this repository.
@@ -30,15 +24,9 @@ Code workspace.
 
 To analyze a Go codebase, either use the [CodeQL command-line
 interface](https://codeql.github.com/docs/codeql-cli/) to create a database yourself, or
-download a pre-built database from [LGTM.com](https://lgtm.com/). You can then run any of the
+download a pre-built database from [GitHub.com](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/#downloading-databases-from-github-com). You can then run any of the
 queries contained in this repository either on the command line or using the VS Code extension.
 
-Note that the [lgtm.com](https://github.com/github/codeql/tree/lgtm.com) branch of this
-repository corresponds to the version of the queries that is currently deployed on LGTM.com.
-The [main](https://github.com/github/codeql/tree/main) branch may contain changes that
-have not been deployed yet, so you may need to upgrade databases downloaded from LGTM.com before
-running queries on them.
-
 ## Contributions
 
 Contributions are welcome! Please see our [contribution guidelines](CONTRIBUTING.md) and our

From 3e7a819fe7f105f9c9de0d57fc08089e4ac1bdbf Mon Sep 17 00:00:00 2001
From: Tony Torralba <atorralba@users.noreply.github.com>
Date: Tue, 20 Dec 2022 09:42:25 +0100
Subject: [PATCH 93/93] Simplification

---
 .../code/java/security/AndroidCertificatePinningQuery.qll   | 5 ++---
 .../CWE-295/AndroidMissingCertificatePinning/Test1/test.ql  | 6 +-----
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
index 19ab883efa2..70dc1a7a328 100644
--- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -110,7 +110,7 @@ private class UntrustedUrlConfig extends TaintTracking::Configuration {
   UntrustedUrlConfig() { this = "UntrustedUrlConfig" }
 
   override predicate isSource(DataFlow::Node node) {
-    exists(string d | trustedDomain(d)) and
+    trustedDomain(_) and
     exists(string lit | lit = node.asExpr().(CompileTimeConstantExpr).getStringValue() |
       lit.matches("%://%") and // it's a URL
       not exists(string dom | trustedDomain(dom) and lit.matches("%" + dom + "%"))
@@ -125,8 +125,7 @@ predicate missingPinning(DataFlow::Node node, string domain) {
   isAndroid() and
   node instanceof MissingPinningSink and
   (
-    not exists(string s | trustedDomain(s)) and
-    domain = ""
+    not trustedDomain(_) and domain = ""
     or
     exists(UntrustedUrlConfig conf, DataFlow::Node src |
       conf.hasFlow(src, node) and
diff --git a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.ql b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.ql
index 6dc626a59e0..91a23044730 100644
--- a/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.ql
+++ b/java/ql/test/query-tests/security/CWE-295/AndroidMissingCertificatePinning/Test1/test.ql
@@ -13,11 +13,7 @@ class Test extends InlineExpectationsTest {
       loc = node.getLocation() and
       el = node.toString() and
       value = "" and
-      (
-        if exists(string x | trustedDomain(x))
-        then tag = "hasUntrustedResult"
-        else tag = "hasNoTrustedResult"
-      )
+      if trustedDomain(_) then tag = "hasUntrustedResult" else tag = "hasNoTrustedResult"
     )
   }
 }