diff --git a/go/ql/lib/semmle/go/security/Xss.qll b/go/ql/lib/semmle/go/security/Xss.qll
index 2f171a36a10..e6e207216ca 100644
--- a/go/ql/lib/semmle/go/security/Xss.qll
+++ b/go/ql/lib/semmle/go/security/Xss.qll
@@ -143,10 +143,10 @@ module SharedXss {
     HtmlTemplateSanitizer() {
       exists(Method m, DataFlow::CallNode call | m = call.getCall().getTarget() |
         m.hasQualifiedName("html/template", "Template", "ExecuteTemplate") and
-        call.getArgument(2) = this
+        this = call.getArgument(2)
         or
         m.hasQualifiedName("html/template", "Template", "Execute") and
-        call.getArgument(1) = this
+        this = call.getArgument(1)
       )
     }
   }