separate message for double and single quotes

2026-04-27 01:35:13 +02:00 · 2021-02-01 23:54:12 +01:00
parent 3f1e81533c
commit ca435763b0
3 changed files with 65 additions and 48 deletions
--- a/javascript/ql/src/semmle/javascript/security/IncompleteBlacklistSanitizer.qll
+++ b/javascript/ql/src/semmle/javascript/security/IncompleteBlacklistSanitizer.qll
@@ -23,7 +23,9 @@ abstract class IncompleteBlacklistSanitizer extends DataFlow::Node {
 * Describes the characters represented by `rep`.
 */
 string describeCharacters(string rep) {
-  rep = ["\"", "'"] and result = "quotes"
+  rep = "\"" and result = "double quotes"
+  or
+  rep = "'" and result = "single quotes"
  or
  rep = "&" and result = "ampersands"
  or