JavaScript: Recognise JSON.stringify and JSON.parse as escaper/unescaper.

javascript/ql/test/query-tests/Security/CWE-116/DoubleEscaping/DoubleEscaping.expected

@@ -5,3 +5,5 @@
 | tst.js:53:10:53:33 | s.repla ... , '\\\\') | This replacement may produce '\\' characters that are double-unescaped $@. | tst.js:53:10:54:33 | s.repla ... , '\\'') | here |
 | tst.js:60:7:60:28 | s.repla ...  '%25') | This replacement may double-escape '%' characters from $@. | tst.js:59:7:59:28 | s.repla ...  '%26') | here |
 | tst.js:68:10:70:38 | s.repla ... &") | This replacement may double-escape '&' characters from $@. | tst.js:68:10:69:39 | s.repla ... apos;") | here |
+| tst.js:74:10:77:10 | JSON.st ...       ) | This replacement may double-escape '\\' characters from $@. | tst.js:75:12:76:37 | s.repla ... u003E") | here |
+| tst.js:86:10:86:22 | JSON.parse(s) | This replacement may produce '\\' characters that are double-unescaped $@. | tst.js:86:10:86:47 | JSON.pa ... g, "<") | here |

javascript/ql/test/query-tests/Security/CWE-116/DoubleEscaping/tst.js

@@ -69,3 +69,23 @@ function badEncode(s) {
           .replace(indirect2, "'")
           .replace(indirect3, "&");
 }
+
+function badEscape1(s) {
+  return JSON.stringify(
+           s.replace(/</g, "\\u003C")
+            .replace(/>/g, "\\u003E")
+         );
+}
+
+function goodEscape1(s) {
+  return JSON.stringify(s)
+             .replace(/</g, "\\u003C").replace(/>/g, "\\u003E");
+}
+
+function badUnescape2(s) {
+  return JSON.parse(s).replace(/\\u003C/g, "<").replace(/\\u003E/g, ">");
+}
+
+function goodUnescape2(s) {
+  return JSON.parse(s.replace(/\\u003C/g, "<").replace(/\\u003E/g, ">"));
+}