From 1a9b09e8bd471cc95fb10fa252ee88762ebd200d Mon Sep 17 00:00:00 2001
From: Slavomir <gagliardetto@users.noreply.github.com>
Date: Wed, 24 Mar 2021 15:19:06 +0100
Subject: [PATCH] Add NumericType sanitizer

---
 ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql b/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
index df575dfa398..3cef4f1e035 100755
--- a/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
+++ b/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
@@ -144,7 +144,7 @@ class FlowConfFromUntrustedToTemplateExecutionCall extends TaintTracking::Config
   override predicate isSink(DataFlow::Node sink) { isSinkToTemplateExec(sink, _) }
 
   override predicate isSanitizer(DataFlow::Node sanitizer) {
-    sanitizer instanceof SharedXss::Sanitizer
+    sanitizer instanceof SharedXss::Sanitizer or sanitizer.getType() instanceof NumericType
   }
 }