From 63a14d1b964809cd21734bfe8041121c748cbc49 Mon Sep 17 00:00:00 2001
From: Erik Krogh Kristensen <erik-krogh@github.com>
Date: Tue, 26 May 2020 18:33:29 +0200
Subject: [PATCH] use HtmlConcatenationLeaf

---
 .../IncompleteHtmlAttributeSanitizationCustomizations.qll       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll b/javascript/ql/src/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll
index 446f55d3aa0..cd1d9c1cc6c 100644
--- a/javascript/ql/src/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll
@@ -54,7 +54,7 @@ module IncompleteHtmlAttributeSanitization {
       lhs = this.getPreviousLeaf().getStringValue().regexpCapture("(?s)(.*)=\"[^\"]*", 1) and
       (
         this.getNextLeaf().getStringValue().regexpMatch(".*\".*") or
-        this.getRoot().getConstantStringParts().regexpMatch("(?s).*</.*")
+        this instanceof StringOps::HtmlConcatenationLeaf
       )
     }