JavaScript: Improve XSS sanitizer detection.

We now use local data flow to detect more regexp-based sanitizers.
2025-12-18 01:33:15 +01:00 · 2019-09-23 16:53:08 +01:00
parent 22e57a6559
commit d4fca84898
3 changed files with 9 additions and 6 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
@@ -34,7 +34,7 @@ module Shared {
    MetacharEscapeSanitizer() {
      getMethodName() = "replace" and
      exists(RegExpConstant c |
-        c.getLiteral() = getArgument(0).asExpr() and
+        c.getLiteral() = getArgument(0).getALocalSource().asExpr() and
        c.getValue().regexpMatch("['\"&<>]")
      )
    }