hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

use isLikelyIntentionalHtmlSink in the sink instead of in the where clause

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-09-03 15:48:30 +02:00
parent 58f51899c9
commit 6fccf5aa70
3 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql
View File

@@ -20,7 +20,6 @@ from
JQuery::JQueryPluginMethod plugin
where
cfg.hasFlowPath(source, sink) and
source.getNode().(Source).getPlugin() = plugin and
not isLikelyIntentionalHtmlSink(plugin, sink.getNode())
source.getNode().(Source).getPlugin() = plugin
select sink.getNode(), source, sink, "Potential XSS vulnerability in the $@.", plugin,
"'$.fn." + plugin.getPluginName() + "' plugin"