Merge pull request #5397 from erik-krogh/globalSanitizer

Approved by asgerf
CodeQL CI
2021-03-16 05:37:32 -07:00
committed by GitHub
4 changed files with 37 additions and 1 deletions


@@ -28,7 +28,7 @@ module Shared {
abstract class SanitizerGuard extends TaintTracking::SanitizerGuardNode { }
/**
* A regexp replacement involving an HTML meta-character, viewed as a sanitizer for
* A global regexp replacement involving an HTML meta-character, viewed as a sanitizer for
* XSS vulnerabilities.
*
* The XSS queries do not attempt to reason about correctness or completeness of sanitizers,
@@ -36,6 +36,7 @@ module Shared {
*/
class MetacharEscapeSanitizer extends Sanitizer, StringReplaceCall {
MetacharEscapeSanitizer() {
this.isGlobal() and
exists(RegExpConstant c |
c.getLiteral() = getRegExp().asExpr() and
c.getValue().regexpMatch("['\"&<>]")
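Review bot: The added `this.isGlobal() and` conjunct in the `MetacharEscapeSanitizer` characteristic predicate has no stated rationale; the updated QLDoc says "global" but not why the flag decides sanitizer status. A non-global `replace` rewrites only the first match, so any later HTML metacharacter in the same string is left unescaped and the value should stay tainted for the XSS queries. I would add one line to the doc comment, for example `* Non-global replacements are not considered sanitizers, since they only replace the first occurrence.` The predicate body continues past the end of the hunk, so the remaining conditions are not visible here.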