Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql

Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2026-04-30 11:15:13 +02:00 · 2020-06-16 18:22:55 +02:00
parent e8b05b70c4
commit 72dc6510b2
1 changed files with 1 additions and 1 deletions
--- a/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
+++ b/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
@@ -33,7 +33,7 @@ class InsufficientOriginChecks extends DataFlow::MethodCallNode {
 * A function handler for the `MessageEvent`.
 */
 class PostMessageHandler extends DataFlow::FunctionNode {
-  PostMessageHandler() { exists(PostMessageEventHandler handler | this.getFunction() = handler) }
+  PostMessageHandler() { this.getFunction() instanceof PostMessageEventHandler  }
 }

 /**