diff --git a/shared/dataflow/codeql/dataflow/internal/ContentDataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/ContentDataFlowImpl.qll
index c63f36bdeda..f4b4b9655e4 100644
--- a/shared/dataflow/codeql/dataflow/internal/ContentDataFlowImpl.qll
+++ b/shared/dataflow/codeql/dataflow/internal/ContentDataFlowImpl.qll
@@ -51,6 +51,11 @@ module MakeImplContentDataFlow Lang> {
 */
 default predicate isAdditionalFlowStep(Node node1, Node node2) { none() }
 
+ /**
+ * Holds if taint may propagate from `node1` to `node2` in addition to the normal data-flow steps.
+ */
+ default predicate isAdditionalTaintStep(Node node1, Node node2) { none() }
+
 /** Holds if data flow into `node` is prohibited. */
 default predicate isBarrier(Node node) { none() }
 
@@ -101,7 +106,7 @@ module MakeImplContentDataFlow Lang> {
 predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) {
 storeStep(node1, state1, _, node2, state2) or
 readStep(node1, state1, _, node2, state2) or
- additionalStep(node1, state1, node2, state2)
+ additionalTaintStep(node1, state1, node2, state2)
 }
 
 predicate isAdditionalFlowStep = ContentConfig::isAdditionalFlowStep/2;
@@ -229,8 +234,8 @@ module MakeImplContentDataFlow Lang> {
 )
 }
 
- private predicate additionalStep(Node node1, State state1, Node node2, State state2) {
- ContentConfig::isAdditionalFlowStep(node1, node2) and
+ private predicate additionalTaintStep(Node node1, State state1, Node node2, State state2) {
+ ContentConfig::isAdditionalTaintStep(node1, node2) and
 (
 state1 instanceof InitState and state2.(InitState).decode(false)
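Review bot: The doc comment on the new `isAdditionalTaintStep` does not tell a configuration author how it differs from `isAdditionalFlowStep` directly above it, even though the second hunk makes the two behave differently: only the taint variant now feeds the state-aware `isAdditionalFlowStep/4` step, while `isAdditionalFlowStep/2` is still exported unchanged through the alias on the line after it. A taint step by convention does not promise that the flowing value is preserved, which is exactly what content (store/read) tracking relies on, so the reader needs to know what happens to tracked content across such a step; the `decode(false)` branch in the third hunk suggests the state is reset, but that hunk is cut off here, so confirm before documenting. Suggest extending the comment with a sentence such as `Unlike isAdditionalFlowStep, the value is not assumed to be preserved across a taint step, so content tracked up to node1 is not carried to node2.`, adjusted to the actual semantics. Note also that a configuration which previously overrode `isAdditionalFlowStep/2` used to get the state-handling path via `additionalStep` and after this change only gets the plain `/2` step, which appears to be a behaviour change for existing configurations and is worth a line in the comment or the change note.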
@@ -302,12 +307,16 @@ module MakeImplContentDataFlow Lang> {
 // relation, when flow can reach a sink without going back out
 Flow::PathGraph::subpaths(pred, succ, _, _) and
 not reachesSink(succ)
- or
+ )
+ or
+ exists(Node predNode, State predState, Node succNode, State succState |
+ succNodeAndState(pred, predNode, predState, succ, succNode, succState)
+ |
 // needed to record store steps
- storeStep(pred.getNode(), pred.getState(), _, succ.getNode(), succ.getState())
+ storeStep(predNode, predState, _, succNode, succState)
 or
 // needed to record read steps
- readStep(pred.getNode(), pred.getState(), _, succ.getNode(), succ.getState())
+ readStep(predNode, predState, _, succNode, succState)
 )
 }