Remove additional Xss sinks

benjamin-button.md

@@ -26,6 +26,8 @@ Sinks added between 2020-01-01 and 2020-10-06 have been removed. Found by lookin
 - the commit titles of https://github.com/github/codeql/commits/main/javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
 - the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+sink
 
+- recursive type tracking for `jQuery::dollar`, `DOM::domValueRef`.
+
 ## SqlInjection.ql
 
 Sinks added between 2020-01-01 and 2020-10-06 have been removed. Found by looking at:

javascript/ql/lib/semmle/javascript/DOM.qll

@@ -392,11 +392,6 @@ module DOM {
     or
     t.start() and
     result = domValueRef().getAMethodCall(["item", "namedItem"])
-    or
-    t.startInProp("target") and
-    result = domEventSource()
-    or
-    exists(DataFlow::TypeTracker t2 | result = domValueRef(t2).track(t2, t))
   }
 
   /** Gets a data flow node that may refer to a value from the DOM. */

javascript/ql/lib/semmle/javascript/frameworks/jQuery.qll

@@ -484,8 +484,6 @@ module JQuery {
   private DataFlow::SourceNode dollar(DataFlow::TypeTracker t) {
     t.start() and
     result = dollarSource()
-    or
-    exists(DataFlow::TypeTracker t2 | result = dollar(t2).track(t2, t))
   }
 
   /**