QL code and tests for C#/C++/JavaScript.

javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.expected

@@ -0,0 +1,3 @@
+| AmbiguousIdAttribute.html:4:1:4:29 | <li>...</> | This element has the same id as $@. | AmbiguousIdAttribute.html:5:1:5:30 | <li>...</> | another element |
+| AmbiguousIdAttribute_fragment.html:2:3:3:2 | <li>...</> | This element has the same id as $@. | AmbiguousIdAttribute_fragment.html:3:3:3:32 | <li>...</> | another element |
+| tst.js:22:17:22:40 | <div id ... ></div> | This element has the same id as $@. | tst.js:22:41:22:64 | <div id ... ></div> | another element |

javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.html

@@ -0,0 +1,8 @@
+<html>
+<body>
+<ul>
+<li id="first">First element
+<li id="first">Second element
+</ul>
+semmle-extractor-options: --html elements
+</body>

javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute.qlref

@@ -0,0 +1 @@
+DOM/AmbiguousIdAttribute.ql

javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttributeGood.html

@@ -0,0 +1,14 @@
+<html>
+<body>
+<ul>
+<li id="first">First element</li>
+<li id="second">Second element</li>
+<li id="{{templated-id}}">Templated id</li> <!-- ignored -->
+<li id="{{templated-id}}">Templated id</li> <!-- ignored -->
+<li id="invalid id">Invalid id</li> <!-- reported by another query -->
+<li id="invalid id">Invalid id</li> <!-- reported by another query -->
+<li class="duplicate-class">duplicate-class</li>
+<li class="duplicate-class">duplicate-class</li>
+</ul>
+semmle-extractor-options: --html elements
+</body>

javascript/ql/test/query-tests/DOM/HTML/AmbiguousIdAttribute_fragment.html

@@ -0,0 +1,4 @@
+<ul>
+  <li id="first">First element
+  <li id="first">Second element
+</ul>

javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.expected

@@ -0,0 +1,3 @@
+| ConflictingAttributes.html:1:4:1:27 | href=http://semmle.com | This attribute has the same name as $@ of the same element, but a different value. | ConflictingAttributes.html:1:29:1:53 | href=https://semmle.com | another attribute |
+| tst.js:6:4:6:27 | href="h ... le.com" | This attribute has the same name as $@ of the same element, but a different value. | tst.js:6:29:6:53 | href="h ... le.com" | another attribute |
+| tst.js:16:4:16:27 | href="h ... le.com" | This attribute has the same name as $@ of the same element, but a different value. | tst.js:16:29:16:46 | href={someValue()} | another attribute |

javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.html

@@ -0,0 +1,2 @@
+<a href="http://semmle.com" href="https://semmle.com">Semmle</a>
+semmle-extractor-options: --html elements

javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributes.qlref

@@ -0,0 +1 @@
+DOM/ConflictingAttributes.ql

javascript/ql/test/query-tests/DOM/HTML/ConflictingAttributesGood.html

@@ -0,0 +1,2 @@
+<a href="https://semmle.com">Semmle</a>
+semmle-extractor-options: --html elements

javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.expected

@@ -0,0 +1,2 @@
+| DuplicateAttributes.html:1:4:1:28 | href=https://semmle.com | This attribute is duplicated $@. | DuplicateAttributes.html:1:30:1:54 | href=https://semmle.com | here |
+| tst.js:9:4:9:28 | href="h ... le.com" | This attribute is duplicated $@. | tst.js:9:30:9:54 | href="h ... le.com" | here |

javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.html

@@ -0,0 +1,2 @@
+<a href="https://semmle.com" href="https://semmle.com">Semmle</a>
+semmle-extractor-options: --html elements

javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributes.qlref

@@ -0,0 +1 @@
+DOM/DuplicateAttributes.ql

javascript/ql/test/query-tests/DOM/HTML/DuplicateAttributesGood.html

@@ -0,0 +1,2 @@
+<a href="https://semmle.com">Semmle</a>
+semmle-extractor-options: --html elements

javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.expected

@@ -0,0 +1,5 @@
+| AmbiguousIdAttributeGood.html:8:5:8:19 | id=invalid id | The value of the id attribute must not contain any space characters. |
+| AmbiguousIdAttributeGood.html:9:5:9:19 | id=invalid id | The value of the id attribute must not contain any space characters. |
+| MalformedIdAttribute.html:1:6:1:27 | id=heading important | The value of the id attribute must not contain any space characters. |
+| tst.js:12:6:12:10 | id="" | The value of the id attribute must contain at least one character. |
+| tst.js:13:6:13:13 | id="a b" | The value of the id attribute must not contain any space characters. |

javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.html

@@ -0,0 +1,2 @@
+<div id="heading important">An important heading</div>
+semmle-extractor-options: --html elements

javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttribute.qlref

@@ -0,0 +1 @@
+DOM/MalformedIdAttribute.ql

javascript/ql/test/query-tests/DOM/HTML/MalformedIdAttributeGood.html

@@ -0,0 +1,2 @@
+<div class="heading important">An important heading</div>
+semmle-extractor-options: --html elements

javascript/ql/test/query-tests/DOM/HTML/templates.html

@@ -0,0 +1,3 @@
+<div id="{{looks like template value}}"></div>
+<div id="[[also looks like a template value]]"></div>
+<div id="id-{{some template expression}}"></div>

javascript/ql/test/query-tests/DOM/HTML/tst.js

@@ -0,0 +1,22 @@
+// OK: we don't know whether the two elements are added to the same document
+var div1 = <div id="theDiff"></div>;
+var div2 = <div id="theDiff"></div>;
+
+// not OK
+<a href="http://semmle.com" href="https://semmle.com">Semmle</a>;
+
+// not OK
+<a href="https://semmle.com" href="https://semmle.com">Semmle</a>;
+
+// not OK
+<div id=""></div>;
+<div id="a b"></div>;
+
+// not OK
+<a href="http://semmle.com" href={someValue()}>Semmle</a>;
+
+// OK
+<div id={someOtherValue()}></div>;
+
+// not OK
+var div3 = <div><div id="theDiff"></div><div id="theDiff"></div></div>;