hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

doc fixes

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-03-03 09:50:02 +01:00
parent c4ebd66b34
commit 1781179e25
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
View File

@@ -319,7 +319,7 @@ module ReflectedXss {
send.getRouteHandler() = h and
result = nonHtmlContentTypeHeader(h)
|
// not the case that the control just exists without potentially going to the worksFor.
// The HeaderDefinition affects a response sent at `send`.
not isIrrelevantFor(result, send)
)
}
@@ -333,9 +333,10 @@ module ReflectedXss {
}
/**
* Holds if a header set in `header` is unlikely to affect a resonse send in `sender`.
* Holds if a header set in `header` is unlikely to affect a response sent at `sender`.
*/
predicate isIrrelevantFor(HTTP::HeaderDefinition header, HTTP::ResponseSendArgument sender) {
sender.getRouteHandler() = header.getRouteHandler() and
not header.getBasicBlock().getASuccessor*() = sender.getBasicBlock() and
not sender.getBasicBlock().getASuccessor*() = header.getBasicBlock() and
(