Merge pull request #3332 from erik-krogh/JGrowl

Approved by esbena
2026-04-25 16:55:19 +02:00 · 2020-04-23 13:06:00 +01:00
parent 801ce89c67 d8c498bd15
commit 36b28386f8
7 changed files with 41 additions and 1 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
@@ -99,6 +99,8 @@ module DomBasedXss {
      this = any(Typeahead::TypeaheadSuggestionFunction f).getAReturn()
      or
      this = any(Handlebars::SafeString s).getAnArgument()
+      or
+      this = any(JQuery::MethodCall call | call.getMethodName() = "jGrowl").getArgument(0)
    }
  }