changes based on review feedback

javascript/ql/src/semmle/javascript/StandardLibrary.qll

@@ -212,10 +212,6 @@ private class PromiseFlowStep extends DataFlow::AdditionalFlowStep {
 /**
  * A data flow edge from the exceptional return of the promise executor to the promise catch handler.
  * This only adds an edge from the exceptional return of the promise executor to a `.catch()` handler.
- * Missing are (at least): 
- *   Exceptional flow from promise executor (and handlers) to exceptional return of an `await` expression. 
- *   Flow from calls to `reject` to exceptional return of an `await` expression.
- *   Restricting flow to only the first catch handler after an exception.
  */
 private class PromiseExceptionalStep extends DataFlow::AdditionalFlowStep {
   PromiseDefinition promise;

javascript/ql/src/semmle/javascript/security/dataflow/ExceptionXss.qll

@@ -46,7 +46,7 @@ module ExceptionXss {
       or
       exists(DataFlow::PropRef prop |
         node = DataFlow::valueNode(prop.getPropertyNameExpr()) and
-        isNullOrUndefined(prop.getBase().analyze().getAType())
+        forex(InferredType t | t = prop.getBase().analyze().getAType() | isNullOrUndefined(t))
       )
     )
   }
@@ -99,8 +99,8 @@ module ExceptionXss {
   }
 
   /**
-   * Gets the data-flow node where exceptions thrown by this expression will
-   * propagate if this expression causes an exception to be thrown. 
+   * Gets the data-flow node to which any exceptions thrown by
+   * this expression will propagate.
    * This predicate adds, on top of `Expr::getExceptionTarget`, exceptions 
    * propagated by callbacks. 
    */