Comment out hardcoded definition of sink

2026-04-24 16:25:15 +02:00 · 2025-01-06 17:33:31 +00:00
parent 820fe6cd04
commit 4530118681
1 changed files with 19 additions and 19 deletions
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll
@@ -251,25 +251,25 @@ module DomBasedXss {
    }
  }

-  /**
-   * A write to the `innerHTML` property of a DOM element, viewed as an XSS sink.
-   *
-   * Uses the Angular Renderer2 API, instead of the default `Element.innerHTML` property.
-   */
-  class AngularRender2SetPropertyInnerHtmlSink extends Sink {
-    AngularRender2SetPropertyInnerHtmlSink() {
-      exists(API::CallNode setProperty |
-        setProperty =
-          API::moduleImport("@angular/core")
-              .getMember("Renderer2")
-              .getInstance()
-              .getMember("setProperty")
-              .getACall() and
-        this = setProperty.getParameter(2).asSink() and
-        setProperty.getArgument(1).getStringValue() = "innerHTML"
-      )
-    }
-  }
+  // /**
+  //  * A write to the `innerHTML` property of a DOM element, viewed as an XSS sink.
+  //  *
+  //  * Uses the Angular Renderer2 API, instead of the default `Element.innerHTML` property.
+  //  */
+  // class AngularRender2SetPropertyInnerHtmlSink extends Sink {
+  //   AngularRender2SetPropertyInnerHtmlSink() {
+  //     exists(API::CallNode setProperty |
+  //       setProperty =
+  //         API::moduleImport("@angular/core")
+  //             .getMember("Renderer2")
+  //             .getInstance()
+  //             .getMember("setProperty")
+  //             .getACall() and
+  //       this = setProperty.getParameter(2).asSink() and
+  //       setProperty.getArgument(1).getStringValue() = "innerHTML"
+  //     )
+  //   }
+  // }

  /**
   * A value being piped into the `safe` pipe in a template file,