Java: Fix failing tests

java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll

@@ -457,7 +457,7 @@ private predicate unsafeEscape(MethodAccess ma) {
   // Removing `<script>` tags using a string-replace method is
   // unsafe if such a tag is embedded inside another one (e.g. `<scr<script>ipt>`).
   exists(StringReplaceMethod m | ma.getMethod() = m |
-    ma.getArgument(0).(StringLiteral).getRepresentedString() = "<script>" and
+    ma.getArgument(0).(StringLiteral).getRepresentedString() = "(<script>)" and
     ma.getArgument(1).(StringLiteral).getRepresentedString() = ""
   )
 }

java/ql/test/library-tests/dataflow/taint-format/test.expected

@@ -13,6 +13,7 @@
 | A.java:20:22:20:28 | taint(...) | A.java:24:9:24:27 | new ..[] { .. } |
 | A.java:20:22:20:28 | taint(...) | A.java:24:24:24:26 | bad |
 | A.java:20:22:20:28 | taint(...) | A.java:25:9:25:9 | f |
+| A.java:20:22:20:28 | taint(...) | A.java:25:9:25:20 | toString(...) |
 | A.java:29:22:29:28 | taint(...) | A.java:29:22:29:28 | taint(...) |
 | A.java:29:22:29:28 | taint(...) | A.java:33:9:33:10 | sb |
 | A.java:29:22:29:28 | taint(...) | A.java:33:9:33:21 | toString(...) |