hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: optimize a prefix-check

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2020-02-03 08:39:20 +01:00
parent 7f25c1bf47
commit e1180495f5
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/semmle/javascript/security/dataflow/UnsafeJQueryPlugin.qll
View File

@@ -36,7 +36,7 @@ module UnsafeJQueryPlugin {
// prefixing prevents forced html/css confusion:
// prefixing through concatenation:
StringConcatenation::getFirstOperand(succ) != pred
StringConcatenation::getOperand(succ, [1..StringConcatenation::getNumOperand(succ) - 1]) = pred
or
// prefixing through a poor-mans templating system:
exists(DataFlow::MethodCallNode replace |