diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll b/javascript/ql/src/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll
index 446f55d3aa0..cd1d9c1cc6c 100644
--- a/javascript/ql/src/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll
@@ -54,7 +54,7 @@ module IncompleteHtmlAttributeSanitization {
 lhs = this.getPreviousLeaf().getStringValue().regexpCapture("(?s)(.*)=\"[^\"]*", 1) and
 (
 this.getNextLeaf().getStringValue().regexpMatch(".*\".*") or
- this.getRoot().getConstantStringParts().regexpMatch("(?s).*