hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated UriEncodingSanitizer comment

Browse Source
This commit is contained in:
Napalys Klicius
2025-06-16 10:54:12 +02:00
parent 798721bd71
commit 0d5f5104d1
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryCustomizations.qll
View File

@@ -106,9 +106,9 @@ module RequestForgery {
private import Xss as Xss
/**
* A call to `encodeURI` or `encodeURIComponent`, viewed as a sanitizer for request forgery.
* A call to `encodeURIComponent`, viewed as a sanitizer for request forgery.
* These calls will escape "/" to "%2F", which is not a problem for request forgery.
* The result from calling `encodeURI` or `encodeURIComponent` is not a valid URL, and only makes sense
* The result from calling `encodeURIComponent` is not a valid URL, and only makes sense
* as a part of a URL.
*/
class UriEncodingSanitizer extends Sanitizer instanceof Xss::Shared::UriEncodingSanitizer {