hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Dont use getALocalSource() when marking Vue template sinks

Browse Source
This commit is contained in:
Asger Feldthaus
2021-06-30 11:55:18 +02:00
parent 472b41f5e1
commit 6d9b96f6e8
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
View File

@@ -331,7 +331,7 @@ module DomBasedXss {
* A write to the `template` option of a Vue instance, viewed as an XSS sink.
*/
class VueTemplateSink extends DomBasedXss::Sink {
VueTemplateSink() { this = any(Vue::Instance i).getTemplate() }
VueTemplateSink() { this = any(Vue::Instance i).getOption("template") }
}
/**