hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add NumericType sanitizer

Browse Source
This commit is contained in:
Slavomir
2021-03-24 15:19:06 +01:00
committed by Chris Smowton
parent 541c411086
commit 1a9b09e8bd
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
View File

@@ -144,7 +144,7 @@ class FlowConfFromUntrustedToTemplateExecutionCall extends TaintTracking::Config
override predicate isSink(DataFlow::Node sink) { isSinkToTemplateExec(sink, _) }
override predicate isSanitizer(DataFlow::Node sanitizer) {
sanitizer instanceof SharedXss::Sanitizer
sanitizer instanceof SharedXss::Sanitizer or sanitizer.getType() instanceof NumericType
}
}