add the html argument to the jQuery functions as an XSS sink

2026-05-04 13:15:21 +02:00 · 2023-03-03 11:09:53 +01:00
parent 94870b838f
commit a6c9af4182
3 changed files with 8 additions and 3 deletions
--- a/javascript/ql/lib/semmle/javascript/frameworks/jQuery.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/jQuery.qll
@@ -540,9 +540,9 @@ module JQuery {
      JQuery::isMethodArgumentInterpretedAsHtml(name) and
      node = this.getAnArgument()
      or
-      // for `$, it's only the first one
+      // for `$, it's only the first one, or an "html" option
      name = "$" and
-      node = this.getArgument(0)
+      node = [this.getArgument(0), this.getOptionArgument(1, "html")]
    }

    /**