hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Fix a bug in isSafeClientSideUrlProperty

Browse Source
This commit is contained in:
Asger F
2024-09-11 15:09:03 +02:00
parent bc04131c72
commit 2712bf821a
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll
View File

@@ -255,7 +255,7 @@ module TaintTracking {
exists(StringSplitCall c |
c.getBaseString().getALocalSource() =
[DOM::locationRef(), DOM::locationRef().getAPropertyRead("href")] and
c.getSeparator() = "?" and
c.getSeparator() = ["?", "#"] and
read = c.getAPropertyRead("0")
)
}