mirror of
https://github.com/github/codeql.git
synced 2026-04-23 07:45:17 +02:00
a063d7d510
Query operators that interpret JavaScript are no longer considered sinks. Instead they are considered decodings and the output is the tainted dictionary. The state changes to `DictInput` to reflect that the user now controls a dangerous dictionary. This fixes the spurious result and moves the error reporting to a more logical place.