hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: minor fixups

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2020-01-29 10:22:52 +01:00
parent 2ad9b843ae
commit 1de1c15919
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/src/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll
View File

@@ -115,7 +115,7 @@ module UnsafeJQueryPlugin {
}
/**
* Holds if `plugin` has a default option defined a `def`.
* Holds if `plugin` has a default option defined at `def`.
*/
private predicate hasDefaultOption(JQueryPluginMethod plugin, DataFlow::PropWrite def) {
exists(ExtendCall extend, JQueryPluginOptions options, DataFlow::SourceNode default |
@@ -161,7 +161,7 @@ module UnsafeJQueryPlugin {
IsElementSanitizer() {
// common ad hoc sanitizing calls
exists(string name | getCalleeName() = name |
name = "isElement" or name = "isWindow" or name = "isWindow"
name = "isElement" or name = "isDocument" or name = "isWindow"
)
}
@@ -171,7 +171,7 @@ module UnsafeJQueryPlugin {
}
/**
* Expression of like `typeof x.<?> !== "undefined"` or `x.<?>`, which sanitizes `x`, as it is unlikely to be a string afterwards.
* Expression like `typeof x.<?> !== "undefined"` or `x.<?>`, which sanitizes `x`, as it is unlikely to be a string afterwards.
*/
class PropertyPrecenseSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode {
DataFlow::Node input;