hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

documented getSelectionCall

Browse Source
This commit is contained in:
bananabr
2022-05-01 20:41:43 -05:00
parent 57ae07017f
commit ed58ee86fe
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll
View File

@@ -219,7 +219,7 @@ module XssThroughDom {
/**
* A source for text from the DOM from a Selection object toString method call
* A call to window.getSelection
* https://developer.mozilla.org/en-US/docs/Web/API/Selection
*/
DataFlow::SourceNode getSelectionCall(DataFlow::TypeTracker t) {
@@ -233,6 +233,10 @@ module XssThroughDom {
exists(DataFlow::TypeTracker t2 | result = getSelectionCall(t2).track(t2, t))
}
/**
* A source for text from the DOM from a Selection object toString method call
* https://developer.mozilla.org/en-US/docs/Web/API/Selection
*/
class SelectionSource extends Source {
SelectionSource() {
this = getSelectionCall(DataFlow::TypeTracker::end()).getAMethodCall("toString")