hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 04:39:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Add change note

Browse Source
This commit is contained in:
Asger Feldthaus
2021-03-15 11:03:00 +00:00
parent a76be91481
commit 3922c73be7
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/change-notes/2021-03-15-client-side-remote-flow-sources.md Normal file
View File

@@ -0,0 +1,6 @@
lgtm,codescanning
* The security queries now distinguish more clearly between different parts of `window.locaton`.
When the taint source of an alert is based on `window.location`, the source will usually
occur closer to where user-controlled data is obtained, such as at `location.hash`.
* `js/request-forgery` no longer considers client-side path parameters to be a source due to
the restricted character set usable in a path, resulting in fewer false-positive results.