JS: Extract HTML from inline templates

2026-04-30 03:05:15 +02:00 · 2020-12-14 10:37:38 +00:00
parent 6bf9345258
commit 8848ee2d10
9 changed files with 170 additions and 41 deletions
--- a/javascript/ql/test/library-tests/frameworks/Angular2/inline.component.ts
+++ b/javascript/ql/test/library-tests/frameworks/Angular2/inline.component.ts
@@ -0,0 +1,17 @@
+import { Input, Component } from '@angular/core';
+
+@Component({
+    selector: 'mid-component',
+    template: `
+        <sink-component [sink7]="taint"></sink-component>
+
+        \n<sink-component [sink7]="taint"></sink-component>
+`
+})
+export class InlineComponent {
+    taint: string;
+
+    constructor() {
+        this.taint = source();
+    }
+}
--- a/javascript/ql/test/library-tests/frameworks/Angular2/sink.component.ts
+++ b/javascript/ql/test/library-tests/frameworks/Angular2/sink.component.ts
@@ -12,6 +12,7 @@ export class SinkComponent {
    sink4: string;
    sink5: string;
    sink6: string;
+    sink7: string;

    constructor(private sanitizer: DomSanitizer) {}

@@ -22,5 +23,6 @@ export class SinkComponent {
        this.sanitizer.bypassSecurityTrustHtml(this.sink4);
        this.sanitizer.bypassSecurityTrustHtml(this.sink5);
        this.sanitizer.bypassSecurityTrustHtml(this.sink6);
+        this.sanitizer.bypassSecurityTrustHtml(this.sink7);
    }
 }
--- a/javascript/ql/test/library-tests/frameworks/Angular2/test.expected
+++ b/javascript/ql/test/library-tests/frameworks/Angular2/test.expected
@@ -22,8 +22,9 @@ pipeClassRef
 | TestPipe.ts:4:8:9:1 | class T ... ;\\n  }\\n} | source.component.html:5:22:5:29 | testPipe |
 | TestPipe.ts:4:8:9:1 | class T ... ;\\n  }\\n} | source.component.html:6:19:6:26 | testPipe |
 taintFlow
-| source.component.ts:13:22:13:29 | source() | sink.component.ts:19:48:19:57 | this.sink1 |
-| source.component.ts:13:22:13:29 | source() | sink.component.ts:22:48:22:57 | this.sink4 |
-| source.component.ts:13:22:13:29 | source() | sink.component.ts:23:48:23:57 | this.sink5 |
-| source.component.ts:13:22:13:29 | source() | sink.component.ts:24:48:24:57 | this.sink6 |
-| source.component.ts:14:33:14:40 | source() | sink.component.ts:19:48:19:57 | this.sink1 |
+| inline.component.ts:15:22:15:29 | source() | sink.component.ts:26:48:26:57 | this.sink7 |
+| source.component.ts:13:22:13:29 | source() | sink.component.ts:20:48:20:57 | this.sink1 |
+| source.component.ts:13:22:13:29 | source() | sink.component.ts:23:48:23:57 | this.sink4 |
+| source.component.ts:13:22:13:29 | source() | sink.component.ts:24:48:24:57 | this.sink5 |
+| source.component.ts:13:22:13:29 | source() | sink.component.ts:25:48:25:57 | this.sink6 |
+| source.component.ts:14:33:14:40 | source() | sink.component.ts:20:48:20:57 | this.sink1 |