JS: whitelist quote stripping for js/incomplete-sanitization

Esben Sparre Andreasen
2019-09-05 09:47:49 +01:00
parent 641232a9d7
commit a9665f53b8
3 changed files with 10 additions and 0 deletions

@@ -17,6 +17,7 @@
| **Query** | **Expected impact** | **Change** |
|--------------------------------|------------------------------|---------------------------------------------------------------------------|
| Incomplete string escaping or encoding (`js/incomplete-sanitization`) | Fewer false-positive results | This rule now recognizes additional ways delimiters can be stripped away. |
| Client-side cross-site scripting (`js/xss`) | More results | More potential vulnerabilities involving functions that manipulate DOM attributes are now recognized. |
| Prototype pollution (`js/prototype-pollution`) | Same results | The results are now shown on LGTM by default. |
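
Review bot: the change text in the `js/incomplete-sanitization` row, "This rule now recognizes additional ways delimiters can be stripped away.", does not say which delimiters or which stripping patterns are meant, although the commit title is specific about quote stripping. Because the expected impact is fewer results, the note should name the case that is now whitelisted (quote stripping), so readers can tell which alerts will disappear after upgrading and can confirm that the dropped results were benign rather than real incomplete-escaping findings.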