mirror of
https://github.com/github/codeql.git
synced 2025-12-19 18:33:16 +01:00
7 lines
478 B
Markdown
7 lines
478 B
Markdown
lgtm,codescanning
|
|
* The security queries now distinguish more clearly between different parts of `window.location`.
|
|
When the taint source of an alert is based on `window.location`, the source will usually
|
|
occur closer to where user-controlled data is obtained, such as at `location.hash`.
|
|
* `js/request-forgery` no longer considers client-side path parameters to be a source due to
|
|
the restricted character set usable in a path, resulting in fewer false-positive results.
|