hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Rephrase TODO

Browse Source 
This is useful info, but not something that can be fixed locally in this query, so a TODO comment isn't helping
This commit is contained in:
Asger F
2025-01-09 09:45:39 +01:00
parent 3def8ecdee
commit d9da9444fa
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll
View File

@@ -11,7 +11,9 @@ import UnsafeJQueryPluginCustomizations::UnsafeJQueryPlugin
* A taint-tracking configuration for reasoning about XSS in unsafe jQuery plugins.
*/
module UnsafeJQueryPluginConfig implements DataFlow::ConfigSig {
// TODO: PropertyPresenceSanitizer should not block values in a content.
// Note: This query currently misses some results due to two issues:
// - PropertyPresenceSanitizer blocks values in a content
// - localFieldStep has been omitted for performance reaons
predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }