JS: add query "Unsafe jQuery plugin"

change-notes/1.24/analysis-javascript.md

@@ -28,6 +28,7 @@
 | Regular expression always matches (`js/regex/always-matches`) | correctness, regular-expressions | Highlights regular expression checks that trivially succeed by matching an empty substring. Results are shown on LGTM by default. |
 | Missing await (`js/missing-await`) | correctness | Highlights expressions that operate directly on a promise object in a nonsensical way, instead of awaiting its result. Results are shown on LGTM by default. |
 | Prototype pollution in utility function (`js/prototype-pollution-utility`) | security, external/cwe/cwe-400, external/cwe/cwe-471 | Highlights recursive copying operations that are susceptible to prototype pollution. Results are shown on LGTM by default. |
+| Unsafe jQuery plugin (`js/unsafe-jquery-plugin`) | Highlights potential XSS vulnerabilities in unsafely designed jQuery plugins. |
 
 ## Changes to existing queries
 

javascript/config/suites/javascript/security

@@ -14,6 +14,7 @@
 + semmlecode-javascript-queries/Security/CWE-079/ReflectedXss.ql: /Security/CWE/CWE-079
 + semmlecode-javascript-queries/Security/CWE-079/StoredXss.ql: /Security/CWE/CWE-079
 + semmlecode-javascript-queries/Security/CWE-079/Xss.ql: /Security/CWE/CWE-079
++ semmlecode-javascript-queries/Security/CWE-079/UnsafeJQueryPlugin.ql: /Security/CWE/CWE-079
 + semmlecode-javascript-queries/Security/CWE-089/SqlInjection.ql: /Security/CWE/CWE-089
 + semmlecode-javascript-queries/Security/CWE-094/CodeInjection.ql: /Security/CWE/CWE-094
 + semmlecode-javascript-queries/Security/CWE-094/UnsafeDynamicMethodAccess.ql: /Security/CWE/CWE-094

javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.qhelp

@@ -0,0 +1,98 @@
+<!DOCTYPE qhelp PUBLIC
+"-//Semmle//qhelp//EN"
+"qhelp.dtd">
+<qhelp>
+
+	<overview>
+		<p>
+
+			Library plugins, such as those for the jQuery library, are often
+			configurable through options provided by the clients of the
+			plugin.
+
+			Clients, however, do not know the implementation details of the
+			plugin, so it is important to document the capabilities of each
+			option.  Of particular importance is the documentation for the plugin
+			options that the client is responsible for sanitizing.
+
+			Otherwise, the plugin may write user input (for example, a URL query
+			parameter) to a web page without properly sanitizing the input first,
+			which allows for a cross-site scripting vulnerability in the client
+			application.
+
+		</p>
+	</overview>
+
+	<recommendation>
+		<p>
+
+			Document all options that can lead to cross-site scripting attacks.
+
+		</p>
+	</recommendation>
+
+	<example>
+		<p>
+
+			The following example shows a jQuery plugin that selects a DOM
+			element, and copies its text content another DOM element.  The
+			selection is performed by using the plugin option
+			<code>sourceSelector</code> as a CSS selector.
+
+		</p>
+
+		<sample src="examples/UnsafeJQueryPlugin.js" />
+
+		<p>
+
+			This is however not a safe plugin, since the call to
+			<code>jQuery</code> interprets <code>sourceSelector</code> as HTML if
+			it is a string that starts with <code>&lt;</code>.
+
+		</p>
+
+		<p>
+
+			Instead of documenting that the client is responsible for
+			sanitizing <code>sourceSelector</code>, the plugin can use
+			<code>jQuery.find</code> to always interpret
+			<code>sourceSelector</code> as a CSS selector:
+
+		</p>
+
+		<sample src="examples/UnsafeJQueryPlugin_safe.js" />
+
+
+	</example>
+
+	<references>
+		<li>
+			OWASP:
+			<a href="https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet">DOM based
+			XSS Prevention Cheat Sheet</a>.
+		</li>
+		<li>
+			OWASP:
+			<a href="https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet">XSS
+			(Cross Site Scripting) Prevention Cheat Sheet</a>.
+		</li>
+		<li>
+			OWASP
+			<a href="https://www.owasp.org/index.php/DOM_Based_XSS">DOM Based XSS</a>.
+		</li>
+		<li>
+			OWASP
+			<a href="https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting">Types of Cross-Site
+			Scripting</a>.
+		</li>
+		<li>
+			Wikipedia: <a href="http://en.wikipedia.org/wiki/Cross-site_scripting">Cross-site scripting</a>.
+		</li>
+		<li>
+			jQuery: <a href="https://learn.jquery.com/plugins/basic-plugin-creation/">Plugin creation</a>.
+		</li>
+		<li>
+			Bootstrap:	<a href="https://github.com/twbs/bootstrap/pull/27047">XSS vulnerable bootstrap plugins</a>.
+		</li>
+	</references>
+</qhelp>

javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql

@@ -0,0 +1,25 @@
+/**
+ * @name Unsafe jQuery plugin
+ * @description A jQuery plugin that unintentionally constructs HTML from some of its options may be unsafe to use for clients.
+ * @kind path-problem
+ * @problem.severity error
+ * @precision high
+ * @id js/unsafe-jquery-plugin
+ * @tags security
+ *       external/cwe/cwe-079
+ *       external/cwe/cwe-116
+ *       frameworks/jquery
+ */
+
+import javascript
+import semmle.javascript.security.dataflow.UnsafeJQueryPlugin::UnsafeJQueryPlugin
+import DataFlow::PathGraph
+
+from
+  Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, JQueryPluginMethod plugin
+where
+  cfg.hasFlowPath(source, sink) and
+  source.getNode().(Source).getPlugin() = plugin and
+  not isLikelyIntentionalHtmlSink(plugin, sink.getNode())
+select sink.getNode(), source, sink, "Potential XSS vulnerability in the $@.", plugin,
+  "'$.fn." + plugin.getPluginName() + "' plugin"

javascript/ql/src/Security/CWE-079/examples/UnsafeJQueryPlugin.js

@@ -0,0 +1,6 @@
+jQuery.fn.copyText = function(options) {
+	// BAD may evaluate `options.sourceSelector` as HTML
+	var source = jQuery(options.sourceSelector),
+	    text = source.text();
+	jQuery(this).text(text);
+}

javascript/ql/src/Security/CWE-079/examples/UnsafeJQueryPlugin_safe.js

@@ -0,0 +1,6 @@
+jQuery.fn.copyText = function(options) {
+	// GOOD may not evaluate `options.sourceSelector` as HTML
+	var source = jQuery.find(options.sourceSelector),
+	    text = source.text();
+	jQuery(this).text(text);
+}

javascript/ql/src/semmle/javascript/security/dataflow/UnsafeJQueryPlugin.qll

@@ -0,0 +1,41 @@
+/**
+ * Provides a taint-tracking configuration for reasoning about DOM-based
+ * cross-site scripting vulnerabilities in unsafe jQuery plugins.
+ */
+
+import javascript
+import semmle.javascript.security.dataflow.Xss
+
+module UnsafeJQueryPlugin {
+  import UnsafeJQueryPluginCustomizations::UnsafeJQueryPlugin
+
+  /**
+   * A taint-tracking configuration for reasoning about XSS in unsafe jQuery plugins.
+   */
+  class Configuration extends TaintTracking::Configuration {
+    Configuration() { this = "UnsafeJQueryPlugin" }
+
+    override predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+    override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+    override predicate isSanitizer(DataFlow::Node node) {
+      super.isSanitizer(node)
+      or
+      node instanceof DomBasedXss::Sanitizer
+      or
+      node instanceof Sanitizer
+    }
+
+    override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
+      // jQuery plugins tend to be implemented as classes that store data in fields initialized by the constructor.
+      DataFlow::localFieldStep(src, sink)
+    }
+
+    override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) {
+      super.isSanitizerGuard(node) or
+      node instanceof IsElementSanitizer or
+      node instanceof IsJQueryObjectSanitizer
+    }
+  }
+}

javascript/ql/src/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll

@@ -0,0 +1,242 @@
+/**
+ * Provides default sources, sinks and sanitizers for reasoning about
+ * unsafe jQuery plugins, as well as extension points for adding your
+ * own.
+ */
+
+import javascript
+private import semmle.javascript.dataflow.InferredTypes
+import semmle.javascript.security.dataflow.Xss
+
+module UnsafeJQueryPlugin {
+  private import DataFlow::FlowLabel
+
+  /**
+   * A data flow source for unsafe jQuery plugins.
+   */
+  abstract class Source extends DataFlow::Node {
+    /**
+     * Gets the plugin that this source is used in.
+     */
+    abstract JQueryPluginMethod getPlugin();
+  }
+
+  /**
+   * A data flow sink for unsafe jQuery plugins.
+   */
+  abstract class Sink extends DataFlow::Node { }
+
+  /**
+   * A sanitizer for unsafe jQuery plugins.
+   */
+  abstract class Sanitizer extends DataFlow::Node { }
+
+  /**
+   * An argument that may act as a HTML fragment rather than a CSS selector, as a sink for remote unsafe jQuery plugins.
+   */
+  class AmbiguousHtmlOrSelectorArgument extends DataFlow::Node {
+    AmbiguousHtmlOrSelectorArgument() {
+      exists(JQuery::MethodCall call |
+        call.interpretsArgumentAsSelector(this) and call.interpretsArgumentAsHtml(this)
+      ) and
+      // the $-function in particular will not construct HTML for non-string values
+      analyze().getAType() = TTString() and
+      // any fixed prefix makes the call unambiguous
+      not exists(DataFlow::Node prefix |
+        DomBasedXss::isPrefixOfJQueryHtmlString(this, prefix) and
+        prefix.mayHaveStringValue(_)
+      )
+    }
+  }
+
+  /**
+   * Holds for jQuery plugin definitions of the form `$.fn.<pluginName> = <plugin>`.
+   */
+  private predicate jQueryPluginDefinition(string pluginName, DataFlow::Node plugin) {
+    exists(DataFlow::PropRead fn, DataFlow::PropWrite write |
+      fn = jquery().getAPropertyRead("fn") and
+      (
+        write = fn.getAPropertyWrite()
+        or
+        exists(ExtendCall extend, DataFlow::SourceNode source |
+          fn.flowsTo(extend.getDestinationOperand()) and
+          source = extend.getASourceOperand() and
+          write = source.getAPropertyWrite()
+        )
+      ) and
+      plugin = write.getRhs() and
+      (
+        pluginName = write.getPropertyName() or
+        write.getPropertyNameExpr().flow().mayHaveStringValue(pluginName)
+      )
+    )
+  }
+
+  /**
+   * Gets an function that is registered as a jQuery plugin method at `def`.
+   */
+  private DataFlow::FunctionNode getAJQueryPluginMethod(
+    DataFlow::TypeBackTracker t, DataFlow::Node def
+  ) {
+    t.start() and
+    jQueryPluginDefinition(_, def) and
+    result.flowsTo(def)
+    or
+    exists(DataFlow::TypeBackTracker t2 | result = getAJQueryPluginMethod(t2, def).backtrack(t2, t))
+  }
+
+  /**
+   * Gets an operand to `extend`.
+   */
+  private DataFlow::SourceNode getAnExtendOperand(DataFlow::TypeBackTracker t, ExtendCall extend) {
+    t.start() and
+    result.flowsTo(extend.getAnOperand())
+    or
+    exists(DataFlow::TypeBackTracker t2 | result = getAnExtendOperand(t2, extend).backtrack(t2, t))
+  }
+
+  /**
+   * A function that is registered as a jQuery plugin method.
+   */
+  class JQueryPluginMethod extends DataFlow::FunctionNode {
+    string pluginName;
+
+    JQueryPluginMethod() {
+      exists(DataFlow::Node def |
+        jQueryPluginDefinition(pluginName, def) and
+        this = getAJQueryPluginMethod(DataFlow::TypeBackTracker::end(), def)
+      )
+    }
+
+    /**
+     * Gets the name of this plugin.
+     */
+    string getPluginName() { result = pluginName }
+  }
+
+  /**
+   * Holds if `plugin` has a default option defined a `def`.
+   */
+  private predicate hasDefaultOption(JQueryPluginMethod plugin, DataFlow::PropWrite def) {
+    exists(ExtendCall extend, JQueryPluginOptions options, DataFlow::SourceNode default |
+      options.getPlugin() = plugin and
+      options = getAnExtendOperand(DataFlow::TypeBackTracker::end(), extend) and
+      default = getAnExtendOperand(DataFlow::TypeBackTracker::end(), extend) and
+      default.getAPropertyWrite() = def
+    )
+  }
+
+  /**
+   * The client-provided options object for a jQuery plugin.
+   */
+  class JQueryPluginOptions extends DataFlow::ParameterNode {
+    JQueryPluginMethod method;
+
+    JQueryPluginOptions() {
+      exists(string optionsPattern |
+        optionsPattern = "(?i)(opt(ion)?s?)" and
+        if method.getAParameter().getName().regexpMatch(optionsPattern)
+        then (
+          // use the last parameter named something like "options" if it exists ...
+          getName().regexpMatch(optionsPattern) and
+          this = method.getAParameter()
+        ) else (
+          // ... otherwise, use the last parameter, unless it looks like a DOM node
+          this = method.getLastParameter() and
+          not getName().regexpMatch("(?i)(e(l(em(ent(s)?)?)?)?)")
+        )
+      )
+    }
+
+    /**
+     * Gets the plugin method that these options are used in.
+     */
+    JQueryPluginMethod getPlugin() { result = method }
+  }
+
+  /**
+   * Expression of form `isElement(x)`, which sanitizes `x`.
+   */
+  class IsElementSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode {
+    IsElementSanitizer() {
+      // common ad hoc sanitizing calls
+      exists(string name | getCalleeName() = name |
+        name = "isElement" or name = "isWindow" or name = "isWindow"
+      )
+    }
+
+    override predicate sanitizes(boolean outcome, Expr e) {
+      outcome = true and e = getArgument(0).asExpr()
+    }
+  }
+
+  /**
+   * Expression of form `typeof x.jquery !== "undefined"` or `x.jquery`, which sanitizes `x`.
+   */
+  class IsJQueryObjectSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode {
+    DataFlow::Node input;
+    boolean polarity;
+
+    IsJQueryObjectSanitizer() {
+      exists(DataFlow::PropRead read | read.accesses(input, "jquery") |
+        exists(EqualityTest test |
+          polarity = test.getPolarity().booleanNot() and
+          this = test.flow()
+        |
+          exists(Expr undef | test.hasOperands(read.asExpr(), undef) |
+            SyntacticConstants::isUndefined(undef)
+          )
+          or
+          exists(Expr op1, Expr op2 | test.hasOperands(op1, op2) |
+            read.asExpr() = op1.(TypeofExpr).getOperand() and
+            op2.mayHaveStringValue(any(InferredType t | t = TTUndefined()).getTypeofTag())
+          )
+        )
+        or
+        polarity = true and
+        this = read
+      )
+    }
+
+    override predicate sanitizes(boolean outcome, Expr e) {
+      outcome = polarity and
+      e = input.asExpr()
+    }
+  }
+
+  /**
+   * The client-provided options object for a jQuery plugin, considered as a source for unsafe jQuery plugins.
+   */
+  class JQueryPluginOptionsAsSource extends Source, JQueryPluginOptions {
+    override JQueryPluginMethod getPlugin() { result = JQueryPluginOptions.super.getPlugin() }
+  }
+
+  /**
+   * An argument that may act as a HTML fragment rather than a CSS selector, as a sink for remote unsafe jQuery plugins.
+   */
+  class AmbiguousHtmlOrSelectorArgumentAsSink extends Sink {
+    AmbiguousHtmlOrSelectorArgumentAsSink() { this instanceof AmbiguousHtmlOrSelectorArgument }
+  }
+
+  /**
+   * A hint that a value is expected to be treated as a HTML fragment later.
+   */
+  class IntentionalHtmlFragmentHint extends Sanitizer {
+    IntentionalHtmlFragmentHint() {
+      this.(DataFlow::PropRead).getPropertyName().regexpMatch("(?i).*(html|template).*")
+    }
+  }
+
+  /**
+   * Holds if `plugin` likely expects `sink` to be treated as a HTML fragment.
+   */
+  predicate isLikelyIntentionalHtmlSink(JQueryPluginMethod plugin, Sink sink) {
+    exists(DataFlow::PropWrite defaultDef, string default, DataFlow::PropRead finalRead |
+      hasDefaultOption(plugin, defaultDef) and
+      defaultDef.getPropertyName() = finalRead.getPropertyName() and
+      defaultDef.getRhs().mayHaveStringValue(default) and
+      default.regexpMatch("\\s*<.*") and
+      finalRead.flowsTo(sink)
+    )
+  }
+}

javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll

@@ -106,7 +106,7 @@ module DomBasedXss {
    * Holds if `prefix` is a prefix of `htmlString`, which may be intepreted as
    * HTML by a jQuery method.
    */
-  private predicate isPrefixOfJQueryHtmlString(DataFlow::Node htmlString, DataFlow::Node prefix) {
+  predicate isPrefixOfJQueryHtmlString(DataFlow::Node htmlString, DataFlow::Node prefix) {
     any(JQuery::MethodCall call).interpretsArgumentAsHtml(htmlString) and
     prefix = htmlString
     or

javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin.expected

@@ -0,0 +1,488 @@
+nodes
+| DELETE_ME/bootstrap-post-27047_src/affix.js:16:34:16:40 | options |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:17:20:17:56 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:17:29:17:30 | {} |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:17:49:17:55 | options |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:19:68:19:79 | this.options |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:19:68:19:86 | this.options.target |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:19:68:19:86 | this.options.target |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:121:19:121:24 | option |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:121:19:121:24 | option |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:125:11:125:55 | options |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:125:21:125:55 | typeof  ...  option |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:125:50:125:55 | option |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:127:65:127:71 | options |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:16:31:16:37 | options |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:19:27:19:67 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:19:36:19:37 | {} |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:19:60:19:66 | options |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:27:20:53 | (this.o ...  \|\| '') |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:27:20:70 | (this.o ... li > a' |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:28:20:39 | this.options |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:28:20:46 | this.options.target |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:28:20:52 | this.op ... t \|\| '' |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:109:9:111:47 | selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:109:20:109:32 | this.selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:109:20:111:47 | this.se ...  + '"]' |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:111:7:111:19 | this.selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:113:20:113:27 | selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:113:20:113:27 | selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:127:7:127:19 | this.selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:127:7:127:19 | this.selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:136:19:136:24 | option |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:136:19:136:24 | option |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:140:11:140:55 | options |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:140:21:140:55 | typeof  ...  option |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:140:50:140:55 | option |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:142:73:142:79 | options |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:16:34:16:40 | options |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:17:20:17:56 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:17:29:17:30 | {} |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:17:49:17:55 | options |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:19:22:19:33 | this.options |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:19:22:19:40 | this.options.target |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:19:22:19:40 | this.options.target |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:119:19:119:24 | option |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:119:19:119:24 | option |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:123:11:123:55 | options |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:123:21:123:55 | typeof  ...  option |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:123:50:123:55 | option |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:125:65:125:71 | options |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:17:37:17:43 | options |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:19:26:19:65 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:19:35:19:36 | {} |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:19:58:19:64 | options |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:140:14:140:25 | this.options |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:140:14:140:32 | this.options.parent |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:140:14:140:32 | this.options.parent |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:170:19:170:24 | option |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:170:19:170:24 | option |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:11:174:102 | options |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:21:174:102 | $.exten ... option) |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:30:174:31 | {} |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:67:174:101 | typeof  ...  option |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:96:174:101 | option |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:177:71:177:77 | options |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:16:31:16:37 | options |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:19:27:19:67 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:19:36:19:37 | {} |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:19:60:19:66 | options |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:27:20:53 | (this.o ...  \|\| '') |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:27:20:70 | (this.o ... li > a' |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:28:20:39 | this.options |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:28:20:46 | this.options.target |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:28:20:52 | this.op ... t \|\| '' |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:109:9:111:47 | selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:109:20:109:32 | this.selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:109:20:111:47 | this.se ...  + '"]' |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:111:7:111:19 | this.selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:113:20:113:27 | selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:113:20:113:27 | selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:127:7:127:19 | this.selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:127:7:127:19 | this.selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:136:19:136:24 | option |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:136:19:136:24 | option |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:140:11:140:55 | options |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:140:21:140:55 | typeof  ...  option |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:140:50:140:55 | option |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:142:73:142:79 | options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:17:36:17:42 | options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:26:35:26:41 | options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:49:53:49:59 | options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:53:22:53:45 | this.ge ... ptions) |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:53:38:53:44 | options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:49:54:193 | $.isFun ... ewport) |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:49:54:193 | $.isFun ... ewport) |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:137:54:193 | (this.o ... ewport) |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:138:54:149 | this.options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:138:54:158 | this.op ... iewport |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:138:54:167 | this.op ... elector |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:138:54:192 | this.op ... iewport |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:172:54:183 | this.options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:172:54:192 | this.op ... iewport |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:207:46:207:57 | this.options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:207:46:207:67 | this.op ... ntainer |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:207:46:207:67 | this.op ... ntainer |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:494:19:494:24 | option |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:494:19:494:24 | option |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:498:11:498:55 | options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:498:21:498:55 | typeof  ...  option |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:498:50:498:55 | option |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:501:69:501:75 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options |
+| unsafe-jquery-plugin.js:3:5:3:11 | options |
+| unsafe-jquery-plugin.js:3:5:3:11 | options |
+| unsafe-jquery-plugin.js:5:5:5:11 | options |
+| unsafe-jquery-plugin.js:5:5:5:18 | options.target |
+| unsafe-jquery-plugin.js:5:5:5:18 | options.target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target |
+| unsafe-jquery-plugin.js:11:16:11:22 | options |
+| unsafe-jquery-plugin.js:11:16:11:29 | options.target |
+| unsafe-jquery-plugin.js:22:6:22:11 | target |
+| unsafe-jquery-plugin.js:22:6:22:11 | target |
+| unsafe-jquery-plugin.js:30:6:30:11 | target |
+| unsafe-jquery-plugin.js:30:6:30:11 | target |
+| unsafe-jquery-plugin.js:36:6:36:11 | target |
+| unsafe-jquery-plugin.js:36:6:36:11 | target |
+| unsafe-jquery-plugin.js:40:6:40:11 | target |
+| unsafe-jquery-plugin.js:40:6:40:11 | target |
+| unsafe-jquery-plugin.js:48:6:48:11 | target |
+| unsafe-jquery-plugin.js:48:6:48:11 | target |
+| unsafe-jquery-plugin.js:52:6:52:11 | target |
+| unsafe-jquery-plugin.js:52:6:52:11 | target |
+| unsafe-jquery-plugin.js:60:6:60:11 | target |
+| unsafe-jquery-plugin.js:60:6:60:11 | target |
+| unsafe-jquery-plugin.js:65:47:65:53 | options |
+| unsafe-jquery-plugin.js:65:47:65:53 | options |
+| unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:67:33:67:34 | {} |
+| unsafe-jquery-plugin.js:67:37:67:43 | options |
+| unsafe-jquery-plugin.js:68:45:68:56 | this.options |
+| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent |
+| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent |
+| unsafe-jquery-plugin.js:71:38:71:44 | options |
+| unsafe-jquery-plugin.js:71:38:71:44 | options |
+| unsafe-jquery-plugin.js:72:5:72:11 | options |
+| unsafe-jquery-plugin.js:72:5:72:15 | options.foo |
+| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar |
+| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:76:38:76:44 | options |
+| unsafe-jquery-plugin.js:76:38:76:44 | options |
+| unsafe-jquery-plugin.js:77:17:77:23 | options |
+| unsafe-jquery-plugin.js:77:17:77:27 | options.foo |
+| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar |
+| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:84:38:84:44 | options |
+| unsafe-jquery-plugin.js:84:38:84:44 | options |
+| unsafe-jquery-plugin.js:85:14:85:14 | o |
+| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) |
+| unsafe-jquery-plugin.js:86:22:86:23 | {} |
+| unsafe-jquery-plugin.js:86:26:86:26 | o |
+| unsafe-jquery-plugin.js:87:8:87:24 | t |
+| unsafe-jquery-plugin.js:87:12:87:17 | this.o |
+| unsafe-jquery-plugin.js:87:12:87:24 | this.o.target |
+| unsafe-jquery-plugin.js:90:6:90:6 | t |
+| unsafe-jquery-plugin.js:90:6:90:6 | t |
+| unsafe-jquery-plugin.js:92:5:92:11 | options |
+| unsafe-jquery-plugin.js:101:38:101:44 | options |
+| unsafe-jquery-plugin.js:101:38:101:44 | options |
+| unsafe-jquery-plugin.js:102:3:105:13 | options |
+| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} |
+| unsafe-jquery-plugin.js:105:6:105:12 | options |
+| unsafe-jquery-plugin.js:106:5:106:11 | options |
+| unsafe-jquery-plugin.js:106:5:106:16 | options.menu |
+| unsafe-jquery-plugin.js:106:5:106:16 | options.menu |
+| unsafe-jquery-plugin.js:107:5:107:11 | options |
+| unsafe-jquery-plugin.js:107:5:107:18 | options.target |
+| unsafe-jquery-plugin.js:107:5:107:18 | options.target |
+| unsafe-jquery-plugin.js:114:38:114:44 | options |
+| unsafe-jquery-plugin.js:114:38:114:44 | options |
+| unsafe-jquery-plugin.js:115:3:115:58 | options |
+| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:115:22:115:23 | {} |
+| unsafe-jquery-plugin.js:115:51:115:57 | options |
+| unsafe-jquery-plugin.js:116:5:116:11 | options |
+| unsafe-jquery-plugin.js:116:5:116:16 | options.menu |
+| unsafe-jquery-plugin.js:116:5:116:16 | options.menu |
+| unsafe-jquery-plugin.js:117:5:117:11 | options |
+| unsafe-jquery-plugin.js:117:5:117:18 | options.target |
+| unsafe-jquery-plugin.js:117:5:117:18 | options.target |
+| unsafe-jquery-plugin.js:121:40:121:46 | options |
+| unsafe-jquery-plugin.js:121:40:121:46 | options |
+| unsafe-jquery-plugin.js:122:5:122:11 | options |
+| unsafe-jquery-plugin.js:122:5:122:18 | options.target |
+| unsafe-jquery-plugin.js:122:5:122:18 | options.target |
+| unsafe-jquery-plugin.js:126:33:126:39 | options |
+| unsafe-jquery-plugin.js:126:33:126:39 | options |
+| unsafe-jquery-plugin.js:127:6:127:12 | options |
+| unsafe-jquery-plugin.js:127:6:127:19 | options.target |
+| unsafe-jquery-plugin.js:127:6:127:19 | options.target |
+| unsafe-jquery-plugin.js:131:34:131:40 | options |
+| unsafe-jquery-plugin.js:131:34:131:40 | options |
+| unsafe-jquery-plugin.js:132:5:132:11 | options |
+| unsafe-jquery-plugin.js:132:5:132:18 | options.target |
+| unsafe-jquery-plugin.js:132:5:132:18 | options.target |
+| unsafe-jquery-plugin.js:135:36:135:42 | options |
+| unsafe-jquery-plugin.js:135:36:135:42 | options |
+| unsafe-jquery-plugin.js:136:5:136:11 | options |
+| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport |
+| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
+| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
+| unsafe-jquery-plugin.js:153:38:153:44 | options |
+| unsafe-jquery-plugin.js:153:38:153:44 | options |
+| unsafe-jquery-plugin.js:154:7:154:29 | target |
+| unsafe-jquery-plugin.js:154:16:154:22 | options |
+| unsafe-jquery-plugin.js:154:16:154:29 | options.target |
+| unsafe-jquery-plugin.js:155:33:155:38 | target |
+| unsafe-jquery-plugin.js:155:33:155:38 | target |
+| unsafe-jquery-plugin.js:156:41:156:47 | options |
+| unsafe-jquery-plugin.js:156:41:156:54 | options.target |
+| unsafe-jquery-plugin.js:156:41:156:54 | options.target |
+| unsafe-jquery-plugin.js:157:44:157:50 | options |
+| unsafe-jquery-plugin.js:157:44:157:57 | options.target |
+| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
+| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
+edges
+| DELETE_ME/bootstrap-post-27047_src/affix.js:16:34:16:40 | options | DELETE_ME/bootstrap-post-27047_src/affix.js:17:49:17:55 | options |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:17:20:17:56 | $.exten ... ptions) | DELETE_ME/bootstrap-post-27047_src/affix.js:19:68:19:79 | this.options |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:17:29:17:30 | {} | DELETE_ME/bootstrap-post-27047_src/affix.js:17:20:17:56 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:17:49:17:55 | options | DELETE_ME/bootstrap-post-27047_src/affix.js:17:20:17:56 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:17:49:17:55 | options | DELETE_ME/bootstrap-post-27047_src/affix.js:17:29:17:30 | {} |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:19:68:19:79 | this.options | DELETE_ME/bootstrap-post-27047_src/affix.js:19:68:19:86 | this.options.target |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:19:68:19:79 | this.options | DELETE_ME/bootstrap-post-27047_src/affix.js:19:68:19:86 | this.options.target |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:121:19:121:24 | option | DELETE_ME/bootstrap-post-27047_src/affix.js:125:50:125:55 | option |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:121:19:121:24 | option | DELETE_ME/bootstrap-post-27047_src/affix.js:125:50:125:55 | option |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:125:11:125:55 | options | DELETE_ME/bootstrap-post-27047_src/affix.js:127:65:127:71 | options |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:125:21:125:55 | typeof  ...  option | DELETE_ME/bootstrap-post-27047_src/affix.js:125:11:125:55 | options |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:125:50:125:55 | option | DELETE_ME/bootstrap-post-27047_src/affix.js:125:21:125:55 | typeof  ...  option |
+| DELETE_ME/bootstrap-post-27047_src/affix.js:127:65:127:71 | options | DELETE_ME/bootstrap-post-27047_src/affix.js:16:34:16:40 | options |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:16:31:16:37 | options | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:19:60:19:66 | options |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:19:27:19:67 | $.exten ... ptions) | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:28:20:39 | this.options |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:19:36:19:37 | {} | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:19:27:19:67 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:19:60:19:66 | options | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:19:27:19:67 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:19:60:19:66 | options | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:19:36:19:37 | {} |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:27:20:53 | (this.o ...  \|\| '') | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:27:20:70 | (this.o ... li > a' |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:27:20:70 | (this.o ... li > a' | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:109:20:109:32 | this.selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:27:20:70 | (this.o ... li > a' | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:111:7:111:19 | this.selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:27:20:70 | (this.o ... li > a' | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:127:7:127:19 | this.selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:27:20:70 | (this.o ... li > a' | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:127:7:127:19 | this.selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:28:20:39 | this.options | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:28:20:46 | this.options.target |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:28:20:46 | this.options.target | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:28:20:52 | this.op ... t \|\| '' |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:28:20:52 | this.op ... t \|\| '' | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:20:27:20:53 | (this.o ...  \|\| '') |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:109:9:111:47 | selector | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:113:20:113:27 | selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:109:9:111:47 | selector | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:113:20:113:27 | selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:109:20:109:32 | this.selector | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:109:20:111:47 | this.se ...  + '"]' |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:109:20:111:47 | this.se ...  + '"]' | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:109:9:111:47 | selector |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:111:7:111:19 | this.selector | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:109:20:111:47 | this.se ...  + '"]' |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:136:19:136:24 | option | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:140:50:140:55 | option |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:136:19:136:24 | option | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:140:50:140:55 | option |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:140:11:140:55 | options | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:142:73:142:79 | options |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:140:21:140:55 | typeof  ...  option | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:140:11:140:55 | options |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:140:50:140:55 | option | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:140:21:140:55 | typeof  ...  option |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:142:73:142:79 | options | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:16:31:16:37 | options |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:16:34:16:40 | options | DELETE_ME/bootstrap-pre-27047_src/affix.js:17:49:17:55 | options |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:17:20:17:56 | $.exten ... ptions) | DELETE_ME/bootstrap-pre-27047_src/affix.js:19:22:19:33 | this.options |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:17:29:17:30 | {} | DELETE_ME/bootstrap-pre-27047_src/affix.js:17:20:17:56 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:17:49:17:55 | options | DELETE_ME/bootstrap-pre-27047_src/affix.js:17:20:17:56 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:17:49:17:55 | options | DELETE_ME/bootstrap-pre-27047_src/affix.js:17:29:17:30 | {} |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:19:22:19:33 | this.options | DELETE_ME/bootstrap-pre-27047_src/affix.js:19:22:19:40 | this.options.target |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:19:22:19:33 | this.options | DELETE_ME/bootstrap-pre-27047_src/affix.js:19:22:19:40 | this.options.target |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:119:19:119:24 | option | DELETE_ME/bootstrap-pre-27047_src/affix.js:123:50:123:55 | option |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:119:19:119:24 | option | DELETE_ME/bootstrap-pre-27047_src/affix.js:123:50:123:55 | option |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:123:11:123:55 | options | DELETE_ME/bootstrap-pre-27047_src/affix.js:125:65:125:71 | options |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:123:21:123:55 | typeof  ...  option | DELETE_ME/bootstrap-pre-27047_src/affix.js:123:11:123:55 | options |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:123:50:123:55 | option | DELETE_ME/bootstrap-pre-27047_src/affix.js:123:21:123:55 | typeof  ...  option |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:125:65:125:71 | options | DELETE_ME/bootstrap-pre-27047_src/affix.js:16:34:16:40 | options |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:17:37:17:43 | options | DELETE_ME/bootstrap-pre-27047_src/collapse.js:19:58:19:64 | options |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:19:26:19:65 | $.exten ... ptions) | DELETE_ME/bootstrap-pre-27047_src/collapse.js:140:14:140:25 | this.options |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:19:35:19:36 | {} | DELETE_ME/bootstrap-pre-27047_src/collapse.js:19:26:19:65 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:19:58:19:64 | options | DELETE_ME/bootstrap-pre-27047_src/collapse.js:19:26:19:65 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:19:58:19:64 | options | DELETE_ME/bootstrap-pre-27047_src/collapse.js:19:35:19:36 | {} |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:140:14:140:25 | this.options | DELETE_ME/bootstrap-pre-27047_src/collapse.js:140:14:140:32 | this.options.parent |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:140:14:140:25 | this.options | DELETE_ME/bootstrap-pre-27047_src/collapse.js:140:14:140:32 | this.options.parent |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:170:19:170:24 | option | DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:96:174:101 | option |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:170:19:170:24 | option | DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:96:174:101 | option |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:11:174:102 | options | DELETE_ME/bootstrap-pre-27047_src/collapse.js:177:71:177:77 | options |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:21:174:102 | $.exten ... option) | DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:11:174:102 | options |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:30:174:31 | {} | DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:21:174:102 | $.exten ... option) |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:67:174:101 | typeof  ...  option | DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:21:174:102 | $.exten ... option) |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:67:174:101 | typeof  ...  option | DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:30:174:31 | {} |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:96:174:101 | option | DELETE_ME/bootstrap-pre-27047_src/collapse.js:174:67:174:101 | typeof  ...  option |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:177:71:177:77 | options | DELETE_ME/bootstrap-pre-27047_src/collapse.js:17:37:17:43 | options |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:16:31:16:37 | options | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:19:60:19:66 | options |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:19:27:19:67 | $.exten ... ptions) | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:28:20:39 | this.options |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:19:36:19:37 | {} | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:19:27:19:67 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:19:60:19:66 | options | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:19:27:19:67 | $.exten ... ptions) |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:19:60:19:66 | options | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:19:36:19:37 | {} |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:27:20:53 | (this.o ...  \|\| '') | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:27:20:70 | (this.o ... li > a' |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:27:20:70 | (this.o ... li > a' | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:109:20:109:32 | this.selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:27:20:70 | (this.o ... li > a' | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:111:7:111:19 | this.selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:27:20:70 | (this.o ... li > a' | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:127:7:127:19 | this.selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:27:20:70 | (this.o ... li > a' | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:127:7:127:19 | this.selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:28:20:39 | this.options | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:28:20:46 | this.options.target |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:28:20:46 | this.options.target | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:28:20:52 | this.op ... t \|\| '' |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:28:20:52 | this.op ... t \|\| '' | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:20:27:20:53 | (this.o ...  \|\| '') |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:109:9:111:47 | selector | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:113:20:113:27 | selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:109:9:111:47 | selector | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:113:20:113:27 | selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:109:20:109:32 | this.selector | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:109:20:111:47 | this.se ...  + '"]' |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:109:20:111:47 | this.se ...  + '"]' | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:109:9:111:47 | selector |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:111:7:111:19 | this.selector | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:109:20:111:47 | this.se ...  + '"]' |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:136:19:136:24 | option | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:140:50:140:55 | option |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:136:19:136:24 | option | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:140:50:140:55 | option |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:140:11:140:55 | options | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:142:73:142:79 | options |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:140:21:140:55 | typeof  ...  option | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:140:11:140:55 | options |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:140:50:140:55 | option | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:140:21:140:55 | typeof  ...  option |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:142:73:142:79 | options | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:16:31:16:37 | options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:17:36:17:42 | options | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:26:35:26:41 | options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:26:35:26:41 | options | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:49:53:49:59 | options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:49:53:49:59 | options | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:53:38:53:44 | options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:53:22:53:45 | this.ge ... ptions) | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:138:54:149 | this.options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:53:22:53:45 | this.ge ... ptions) | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:172:54:183 | this.options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:53:22:53:45 | this.ge ... ptions) | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:207:46:207:57 | this.options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:53:38:53:44 | options | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:53:22:53:45 | this.ge ... ptions) |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:137:54:193 | (this.o ... ewport) | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:49:54:193 | $.isFun ... ewport) |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:137:54:193 | (this.o ... ewport) | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:49:54:193 | $.isFun ... ewport) |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:138:54:149 | this.options | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:138:54:158 | this.op ... iewport |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:138:54:158 | this.op ... iewport | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:138:54:167 | this.op ... elector |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:138:54:167 | this.op ... elector | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:138:54:192 | this.op ... iewport |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:138:54:192 | this.op ... iewport | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:137:54:193 | (this.o ... ewport) |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:172:54:183 | this.options | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:172:54:192 | this.op ... iewport |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:172:54:192 | this.op ... iewport | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:138:54:192 | this.op ... iewport |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:207:46:207:57 | this.options | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:207:46:207:67 | this.op ... ntainer |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:207:46:207:57 | this.options | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:207:46:207:67 | this.op ... ntainer |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:494:19:494:24 | option | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:498:50:498:55 | option |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:494:19:494:24 | option | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:498:50:498:55 | option |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:498:11:498:55 | options | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:501:69:501:75 | options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:498:21:498:55 | typeof  ...  option | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:498:11:498:55 | options |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:498:50:498:55 | option | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:498:21:498:55 | typeof  ...  option |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:501:69:501:75 | options | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:17:36:17:42 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options |
+| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options |
+| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target |
+| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target |
+| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target |
+| unsafe-jquery-plugin.js:11:16:11:22 | options | unsafe-jquery-plugin.js:11:16:11:29 | options.target |
+| unsafe-jquery-plugin.js:11:16:11:29 | options.target | unsafe-jquery-plugin.js:11:7:11:29 | target |
+| unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:67:37:67:43 | options |
+| unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:67:37:67:43 | options |
+| unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | unsafe-jquery-plugin.js:68:45:68:56 | this.options |
+| unsafe-jquery-plugin.js:67:33:67:34 | {} | unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:67:37:67:43 | options | unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:67:37:67:43 | options | unsafe-jquery-plugin.js:67:33:67:34 | {} |
+| unsafe-jquery-plugin.js:68:45:68:56 | this.options | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent |
+| unsafe-jquery-plugin.js:68:45:68:56 | this.options | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent |
+| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options |
+| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options |
+| unsafe-jquery-plugin.js:72:5:72:11 | options | unsafe-jquery-plugin.js:72:5:72:15 | options.foo |
+| unsafe-jquery-plugin.js:72:5:72:15 | options.foo | unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar |
+| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options |
+| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options |
+| unsafe-jquery-plugin.js:77:17:77:23 | options | unsafe-jquery-plugin.js:77:17:77:27 | options.foo |
+| unsafe-jquery-plugin.js:77:17:77:27 | options.foo | unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar |
+| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz |
+| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options |
+| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options |
+| unsafe-jquery-plugin.js:85:14:85:14 | o | unsafe-jquery-plugin.js:86:26:86:26 | o |
+| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | unsafe-jquery-plugin.js:87:12:87:17 | this.o |
+| unsafe-jquery-plugin.js:86:22:86:23 | {} | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) |
+| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) |
+| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:22:86:23 | {} |
+| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t |
+| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t |
+| unsafe-jquery-plugin.js:87:12:87:17 | this.o | unsafe-jquery-plugin.js:87:12:87:24 | this.o.target |
+| unsafe-jquery-plugin.js:87:12:87:24 | this.o.target | unsafe-jquery-plugin.js:87:8:87:24 | t |
+| unsafe-jquery-plugin.js:92:5:92:11 | options | unsafe-jquery-plugin.js:85:14:85:14 | o |
+| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options |
+| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options |
+| unsafe-jquery-plugin.js:102:3:105:13 | options | unsafe-jquery-plugin.js:106:5:106:11 | options |
+| unsafe-jquery-plugin.js:102:3:105:13 | options | unsafe-jquery-plugin.js:107:5:107:11 | options |
+| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | unsafe-jquery-plugin.js:102:3:105:13 | options |
+| unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} |
+| unsafe-jquery-plugin.js:106:5:106:11 | options | unsafe-jquery-plugin.js:106:5:106:16 | options.menu |
+| unsafe-jquery-plugin.js:106:5:106:11 | options | unsafe-jquery-plugin.js:106:5:106:16 | options.menu |
+| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target |
+| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target |
+| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options |
+| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options |
+| unsafe-jquery-plugin.js:115:3:115:58 | options | unsafe-jquery-plugin.js:116:5:116:11 | options |
+| unsafe-jquery-plugin.js:115:3:115:58 | options | unsafe-jquery-plugin.js:117:5:117:11 | options |
+| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | unsafe-jquery-plugin.js:115:3:115:58 | options |
+| unsafe-jquery-plugin.js:115:22:115:23 | {} | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) |
+| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:22:115:23 | {} |
+| unsafe-jquery-plugin.js:116:5:116:11 | options | unsafe-jquery-plugin.js:116:5:116:16 | options.menu |
+| unsafe-jquery-plugin.js:116:5:116:11 | options | unsafe-jquery-plugin.js:116:5:116:16 | options.menu |
+| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target |
+| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target |
+| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options |
+| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options |
+| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target |
+| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target |
+| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options |
+| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options |
+| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target |
+| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target |
+| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options |
+| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options |
+| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target |
+| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target |
+| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options |
+| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options |
+| unsafe-jquery-plugin.js:136:5:136:11 | options | unsafe-jquery-plugin.js:136:5:136:20 | options.viewport |
+| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
+| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector |
+| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options |
+| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options |
+| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:41:156:47 | options |
+| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:41:156:47 | options |
+| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options |
+| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options |
+| unsafe-jquery-plugin.js:154:7:154:29 | target | unsafe-jquery-plugin.js:155:33:155:38 | target |
+| unsafe-jquery-plugin.js:154:7:154:29 | target | unsafe-jquery-plugin.js:155:33:155:38 | target |
+| unsafe-jquery-plugin.js:154:16:154:22 | options | unsafe-jquery-plugin.js:154:16:154:29 | options.target |
+| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:154:7:154:29 | target |
+| unsafe-jquery-plugin.js:156:41:156:47 | options | unsafe-jquery-plugin.js:156:41:156:54 | options.target |
+| unsafe-jquery-plugin.js:156:41:156:47 | options | unsafe-jquery-plugin.js:156:41:156:54 | options.target |
+| unsafe-jquery-plugin.js:157:44:157:50 | options | unsafe-jquery-plugin.js:157:44:157:57 | options.target |
+| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
+| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a |
+#select
+| DELETE_ME/bootstrap-post-27047_src/affix.js:19:68:19:86 | this.options.target | DELETE_ME/bootstrap-post-27047_src/affix.js:121:19:121:24 | option | DELETE_ME/bootstrap-post-27047_src/affix.js:19:68:19:86 | this.options.target | Potential XSS vulnerability in the $@. | DELETE_ME/bootstrap-post-27047_src/affix.js:121:3:130:3 | functio ...  })\\n  } | '$.fn.affix' plugin |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:113:20:113:27 | selector | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:136:19:136:24 | option | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:113:20:113:27 | selector | Potential XSS vulnerability in the $@. | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:136:3:145:3 | functio ...  })\\n  } | '$.fn.scrollspy' plugin |
+| DELETE_ME/bootstrap-post-27047_src/scrollspy.js:127:7:127:19 | this.selector | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:136:19:136:24 | option | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:127:7:127:19 | this.selector | Potential XSS vulnerability in the $@. | DELETE_ME/bootstrap-post-27047_src/scrollspy.js:136:3:145:3 | functio ...  })\\n  } | '$.fn.scrollspy' plugin |
+| DELETE_ME/bootstrap-pre-27047_src/affix.js:19:22:19:40 | this.options.target | DELETE_ME/bootstrap-pre-27047_src/affix.js:119:19:119:24 | option | DELETE_ME/bootstrap-pre-27047_src/affix.js:19:22:19:40 | this.options.target | Potential XSS vulnerability in the $@. | DELETE_ME/bootstrap-pre-27047_src/affix.js:119:3:128:3 | functio ...  })\\n  } | '$.fn.affix' plugin |
+| DELETE_ME/bootstrap-pre-27047_src/collapse.js:140:14:140:32 | this.options.parent | DELETE_ME/bootstrap-pre-27047_src/collapse.js:170:19:170:24 | option | DELETE_ME/bootstrap-pre-27047_src/collapse.js:140:14:140:32 | this.options.parent | Potential XSS vulnerability in the $@. | DELETE_ME/bootstrap-pre-27047_src/collapse.js:170:3:180:3 | functio ...  })\\n  } | '$.fn.collapse' plugin |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:113:20:113:27 | selector | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:136:19:136:24 | option | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:113:20:113:27 | selector | Potential XSS vulnerability in the $@. | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:136:3:145:3 | functio ...  })\\n  } | '$.fn.scrollspy' plugin |
+| DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:127:7:127:19 | this.selector | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:136:19:136:24 | option | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:127:7:127:19 | this.selector | Potential XSS vulnerability in the $@. | DELETE_ME/bootstrap-pre-27047_src/scrollspy.js:136:3:145:3 | functio ...  })\\n  } | '$.fn.scrollspy' plugin |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:49:54:193 | $.isFun ... ewport) | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:494:19:494:24 | option | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:54:49:54:193 | $.isFun ... ewport) | Potential XSS vulnerability in the $@. | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:494:3:504:3 | functio ...  })\\n  } | '$.fn.tooltip' plugin |
+| DELETE_ME/bootstrap-pre-27047_src/tooltip.js:207:46:207:67 | this.op ... ntainer | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:494:19:494:24 | option | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:207:46:207:67 | this.op ... ntainer | Potential XSS vulnerability in the $@. | DELETE_ME/bootstrap-pre-27047_src/tooltip.js:494:3:504:3 | functio ...  })\\n  } | '$.fn.tooltip' plugin |
+| unsafe-jquery-plugin.js:3:5:3:11 | options | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:22:6:22:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:22:6:22:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:30:6:30:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:30:6:30:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:36:6:36:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:36:6:36:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:40:6:40:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:40:6:40:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:48:6:48:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:48:6:48:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:52:6:52:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:52:6:52:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:60:6:60:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:60:6:60:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:65:19:69:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:71:19:74:2 | functio ... / OK\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:76:19:78:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:90:6:90:6 | t | unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:90:6:90:6 | t | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:84:19:93:2 | functio ... ns);\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:107:5:107:18 | options.target | unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:101:19:108:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:117:5:117:18 | options.target | unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:114:19:118:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:122:5:122:18 | options.target | unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:121:21:123:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:127:6:127:19 | options.target | unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:126:14:128:3 | functio ...  OK\\n\\t\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:132:5:132:18 | options.target | unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:131:15:133:2 | functio ... T OK\\n\\t} | '$.fn.affix' plugin |
+| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:135:17:137:2 | functio ... T OK\\n\\t} | '$.fn.tooltip' plugin |
+| unsafe-jquery-plugin.js:155:33:155:38 | target | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:155:33:155:38 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:153:19:158:2 | functio ... gged\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:156:41:156:54 | options.target | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:41:156:54 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:153:19:158:2 | functio ... gged\\n\\t} | '$.fn.my_plugin' plugin |
+| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:153:19:158:2 | functio ... gged\\n\\t} | '$.fn.my_plugin' plugin |

javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin.qlref

@@ -0,0 +1 @@
+Security/CWE-079/UnsafeJQueryPlugin.ql

javascript/ql/test/query-tests/Security/CWE-079/unsafe-jquery-plugin.js

@@ -0,0 +1,159 @@
+(function(){
+	$.fn.my_plugin = function my_plugin(options) {
+		$(options); // NOT OK (or is it?)
+
+		$(options.target); // NOT OK
+
+		if (isElement(options.target)) {
+			$(options.target); // OK
+		}
+
+		var target = options.target;
+
+		if (isElement(target)) {
+			$(target); // OK
+		}
+
+		if (typeof target != "string") {
+			$(target); // OK
+		}
+
+		if (target.jquery === undefined) {
+			$(target); // NOT OK
+		} else {
+			$(target); // OK
+		}
+
+		if (target.jquery !== undefined) {
+			$(target); // OK
+		} else {
+			$(target); // NOT OK
+		}
+
+		if (typeof target.jquery !== "undefined") {
+			$(target); // OK
+		} else {
+			$(target); // NOT OK
+		}
+
+		if (typeof target.jquery === "undefined") {
+			$(target); // NOT OK
+		} else {
+			$(target); // OK
+		}
+
+		if (target.jquery) {
+			$(target);  // OK
+		} else {
+			$(target); // NOT OK
+		}
+
+		if (!target.jquery) {
+			$(target);  // NOT OK
+		} else {
+			$(target); // OK
+		}
+
+		if (!!target.jquery) {
+			$(target);  // OK
+		} else {
+			$(target); // NOT OK
+		}
+
+	};
+
+	$.fn.my_plugin = function my_plugin(element, options) {
+		this.$element      = $(element);
+		this.options       = $.extend({}, options);
+		if (this.options.parent) this.$parent = $(this.options.parent) // NOT OK
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		$(options.foo.bar.baz); // NOT OK
+		$(options.html); // OK
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		$(x).appendTo(options.foo.bar.baz); // NOT OK
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		$("#" + options.target); // OK
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		function f(o) {
+			this.o = $.extend({}, o);
+			var t = this.o.target;
+
+			console.log(t);
+			$(t); // NOT OK
+		}
+		f(options);
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		var target = options.target;
+		if (safe.has(target))
+			$(target); // OK
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		options = $.extend({
+			menu: '<div></div>',
+			target: '.my_plugin'
+		}, options);
+		$(options.menu); // OK
+		$(options.target); // NOT OK
+	};
+
+	$.fn.my_plugin.defaults = {
+		menu: '<div></div>',
+		target: '.my_plugin'
+	};
+	$.fn.my_plugin = function my_plugin(options) {
+		options = $.extend({}, $.fn.my_plugin.defaults, options);
+		$(options.menu); // OK
+		$(options.target); // NOT OK
+	};
+
+	var pluginName = "my_plugin";
+	$.fn[pluginName] = function my_plugin(options) {
+		$(options.target); // NOT OK
+	};
+
+	$.extend($.fn, {
+		my_plugin: function my_plugin(options) {
+			$(options.target); // NOT OK
+		}
+	});
+
+	$.fn.affix = function my_plugin(options) {
+		$(options.target); // NOT OK
+	};
+
+	$.fn.tooltip = function my_plugin(options) {
+		$(options.viewport.selector); // NOT OK
+	};
+
+	$.fn.my_plugin = function my_plugin(options) {
+		let intentional1 = options.target || `<div>hello</div>`;
+		$(intentional1); // OK
+
+		let intentional2 = `<div>${options.target}</div>`;
+		$(intentional2); // OK
+
+		let intentional3 = `<div>` + options.target `</div>`;
+		$(intentional3); // OK
+
+		let unintentional = `<div class="${options.target}"></div>`;
+		$(unintentional); // OK - but should be flagged by another query
+	}
+
+	$.fn.my_plugin = function my_plugin(options) {
+		let target = options.target;
+		target === DEFAULTS.target? $(target): $(document).find(target); // OK - but still flagged
+		options.target === DEFAULTS.target? $(options.target): $(document).find(options.target); // OK - but still flagged
+		options.targets.a === DEFAULTS.target? $(options.target.a): $(document).find(options.target.a); // OK - but still flagged
+	}
+});