hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Track trusted type policy callbacks

Browse Source
This commit is contained in:
Asger F
2023-03-07 10:22:26 +01:00
parent 9b02eb729f
commit 0affd898de
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/lib/semmle/javascript/frameworks/TrustedTypes.qll
View File

@@ -25,8 +25,7 @@ module TrustedTypes {
/** Gets the function passed as the given option. */
DataFlow::FunctionNode getPolicyCallback(string method) {
// Require local callback to avoid potential call/return mismatch in the uses below
result = getOptionArgument(1, method).getALocalSource()
result = getParameter(1).getMember(method).getAValueReachingSink()
}
}