$schema: https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json version: 2.1.0 runs: - tool: driver: name: LGTM.com organization: Semmle version: 1.29.0-SNAPSHOT rules: - id: com.lgtm/javascript-queries:js/unused-local-variable name: com.lgtm/javascript-queries:js/unused-local-variable shortDescription: text: Unused variable, import, function or class fullDescription: text: Unused variables, imports, functions or classes may be a symptom of a bug and should be examined carefully. defaultConfiguration: enabled: true level: note properties: tags: - maintainability kind: problem precision: very-high severity: recommendation - id: com.lgtm/javascript-queries:js/property-access-on-non-object name: com.lgtm/javascript-queries:js/property-access-on-non-object shortDescription: text: Property access on null or undefined fullDescription: text: Trying to access a property of "null" or "undefined" will result in a runtime exception. defaultConfiguration: enabled: true level: error properties: tags: - correctness - external/cwe/cwe-476 kind: problem precision: high severity: error - id: com.lgtm/javascript-queries:js/regex/duplicate-in-character-class name: com.lgtm/javascript-queries:js/regex/duplicate-in-character-class shortDescription: text: Duplicate character in character class fullDescription: text: If a character class in a regular expression contains the same character twice, this may indicate a bug. defaultConfiguration: enabled: true level: warning properties: tags: - reliability - correctness - regular-expressions kind: problem precision: very-high severity: warning - id: com.lgtm/javascript-queries:js/misleading-indentation-after-control-statement name: com.lgtm/javascript-queries:js/misleading-indentation-after-control-statement shortDescription: text: Misleading indentation after control statement fullDescription: text: The body of a control statement should have appropriate indentation to clarify which statements it controls and which ones it does not control. defaultConfiguration: enabled: true level: warning properties: tags: - correctness - statistical - non-attributable - external/cwe/cwe-483 kind: problem precision: very-high severity: warning - id: com.lgtm/javascript-queries:js/missing-variable-declaration name: com.lgtm/javascript-queries:js/missing-variable-declaration shortDescription: text: Missing variable declaration fullDescription: text: If a variable is not declared as a local variable, it becomes a global variable by default, which may be unintentional and could lead to unexpected behavior. defaultConfiguration: enabled: true level: warning properties: tags: - reliability - maintainability kind: problem precision: high severity: warning - id: com.lgtm/javascript-queries:js/misleading-indentation-of-dangling-else name: com.lgtm/javascript-queries:js/misleading-indentation-of-dangling-else shortDescription: text: Misleading indentation of dangling 'else' fullDescription: text: The 'else' clause of an 'if' statement should be aligned with the 'if' it belongs to. defaultConfiguration: enabled: true level: warning properties: tags: - readability - statistical - non-attributable - external/cwe/cwe-483 kind: problem precision: very-high severity: warning - id: com.lgtm/javascript-queries:js/function-declaration-conflict name: com.lgtm/javascript-queries:js/function-declaration-conflict shortDescription: text: Conflicting function declarations fullDescription: text: If two functions with the same name are declared in the same scope, one of the declarations overrides the other without warning. This makes the code hard to read and maintain, and may even lead to platform-dependent behavior. defaultConfiguration: enabled: true level: error properties: tags: - reliability - correctness - external/cwe/cwe-563 kind: problem precision: high severity: error - id: com.lgtm/javascript-queries:js/variable-initialization-conflict name: com.lgtm/javascript-queries:js/variable-initialization-conflict shortDescription: text: Conflicting variable initialization fullDescription: text: If a variable is declared and initialized twice inside the same variable declaration statement, the second initialization immediately overwrites the first one. defaultConfiguration: enabled: true level: error properties: tags: - reliability - correctness - external/cwe/cwe-563 kind: problem precision: very-high severity: error - id: com.lgtm/javascript-queries:js/comparison-between-incompatible-types name: com.lgtm/javascript-queries:js/comparison-between-incompatible-types shortDescription: text: Comparison between inconvertible types fullDescription: text: An equality comparison between two values that cannot be meaningfully converted to the same type will always yield 'false', and an inequality comparison will always yield 'true'. defaultConfiguration: enabled: true level: warning properties: tags: - reliability - correctness - external/cwe/cwe-570 - external/cwe/cwe-571 kind: problem precision: high severity: warning - id: com.lgtm/javascript-queries:js/automatic-semicolon-insertion name: com.lgtm/javascript-queries:js/automatic-semicolon-insertion shortDescription: text: Semicolon insertion fullDescription: text: Code that uses automatic semicolon insertion inconsistently is hard to read and maintain. defaultConfiguration: enabled: true level: note properties: tags: - maintainability - language-features - statistical - non-attributable kind: problem precision: very-high severity: recommendation - id: com.lgtm/javascript-queries:js/superfluous-trailing-arguments name: com.lgtm/javascript-queries:js/superfluous-trailing-arguments shortDescription: text: Superfluous trailing arguments fullDescription: text: A function is invoked with extra trailing arguments that are ignored. defaultConfiguration: enabled: true level: warning properties: tags: - maintainability - correctness - language-features - external/cwe/cwe-685 kind: problem precision: very-high severity: warning - id: com.lgtm/javascript-queries:js/overwritten-property name: com.lgtm/javascript-queries:js/overwritten-property shortDescription: text: Overwritten property fullDescription: text: If an object literal has two properties with the same name, the second property overwrites the first one, which makes the code hard to understand and error-prone. defaultConfiguration: enabled: true level: error properties: tags: - reliability - correctness - external/cwe/cwe-563 kind: problem precision: very-high severity: error - id: com.lgtm/javascript-queries:js/eval-like-call name: com.lgtm/javascript-queries:js/eval-like-call shortDescription: text: Call to eval-like DOM function fullDescription: text: DOM functions that act like 'eval' and execute strings as code are dangerous and impede program analysis and understanding. Consequently, they should not be used. defaultConfiguration: enabled: true level: note properties: tags: - maintainability - external/cwe/cwe-676 kind: problem precision: very-high severity: recommendation - id: com.lgtm/javascript-queries:js/use-before-declaration name: com.lgtm/javascript-queries:js/use-before-declaration shortDescription: text: Variable not declared before use fullDescription: text: Variables should be declared before their first use. defaultConfiguration: enabled: true level: warning properties: tags: - maintainability - readability kind: problem precision: very-high severity: warning - id: com.lgtm/javascript-queries:js/trivial-conditional name: com.lgtm/javascript-queries:js/trivial-conditional shortDescription: text: Useless conditional fullDescription: text: If a conditional expression always evaluates to true or always evaluates to false, this suggests incomplete code or a logic error. defaultConfiguration: enabled: true level: warning properties: tags: - correctness - external/cwe/cwe-570 - external/cwe/cwe-571 kind: problem precision: very-high severity: warning - id: com.lgtm/javascript-queries:js/useless-expression name: com.lgtm/javascript-queries:js/useless-expression shortDescription: text: Expression has no effect fullDescription: text: An expression that has no effect and is used in a void context is most likely redundant and may indicate a bug. defaultConfiguration: enabled: true level: warning properties: tags: - maintainability - correctness - external/cwe/cwe-480 - external/cwe/cwe-561 kind: problem precision: very-high severity: warning - id: com.lgtm/javascript-queries:js/redundant-operation name: com.lgtm/javascript-queries:js/redundant-operation shortDescription: text: Identical operands fullDescription: text: Passing identical, or seemingly identical, operands to an operator such as subtraction or conjunction may indicate a typo; even if it is intentional, it makes the code hard to read. defaultConfiguration: enabled: true level: warning properties: tags: - reliability - correctness - external/cwe/cwe-480 - external/cwe/cwe-561 kind: problem precision: very-high severity: warning - id: com.lgtm/javascript-queries:js/unreachable-statement name: com.lgtm/javascript-queries:js/unreachable-statement shortDescription: text: Unreachable statement fullDescription: text: Unreachable statements are often indicative of missing code or latent bugs and should be avoided. defaultConfiguration: enabled: true level: warning properties: tags: - maintainability - correctness - external/cwe/cwe-561 kind: problem precision: very-high severity: warning - id: com.lgtm/javascript-queries:js/redundant-assignment name: com.lgtm/javascript-queries:js/redundant-assignment shortDescription: text: Self assignment fullDescription: text: Assigning a variable to itself has no effect. defaultConfiguration: enabled: true level: warning properties: tags: - reliability - correctness - external/cwe/cwe-480 - external/cwe/cwe-561 kind: problem precision: high severity: warning - id: com.lgtm/javascript-queries:js/useless-assignment-to-local name: com.lgtm/javascript-queries:js/useless-assignment-to-local shortDescription: text: Useless assignment to local variable fullDescription: text: An assignment to a local variable that is not used later on, or whose value is always overwritten, has no effect. defaultConfiguration: enabled: true level: warning properties: tags: - maintainability - external/cwe/cwe-563 kind: problem precision: very-high severity: warning - id: com.lgtm/javascript-queries:js/implicit-operand-conversion name: com.lgtm/javascript-queries:js/implicit-operand-conversion shortDescription: text: Implicit operand conversion fullDescription: text: Relying on implicit conversion of operands is error-prone and makes code hard to read. defaultConfiguration: enabled: true level: warning properties: tags: - reliability - readability - external/cwe/cwe-704 kind: problem precision: very-high severity: warning - id: com.lgtm/javascript-queries:js/duplicate-variable-declaration name: com.lgtm/javascript-queries:js/duplicate-variable-declaration shortDescription: text: Duplicate variable declaration fullDescription: text: A variable declaration statement that declares the same variable twice is confusing and hard to maintain. defaultConfiguration: enabled: true level: note properties: tags: - maintainability kind: problem precision: very-high severity: recommendation - id: com.lgtm/javascript-queries:js/unsafe-external-link name: com.lgtm/javascript-queries:js/unsafe-external-link shortDescription: text: Potentially unsafe external link fullDescription: text: External links that open in a new tab or window but do not specify link type 'noopener' or 'noreferrer' are a potential security risk. defaultConfiguration: enabled: true level: warning properties: tags: - maintainability - security - external/cwe/cwe-200 - external/cwe/cwe-1022 kind: problem precision: very-high security-severity: "6.5" severity: warning - id: com.lgtm/javascript-queries:js/duplicate-html-attribute name: com.lgtm/javascript-queries:js/duplicate-html-attribute shortDescription: text: Duplicate HTML element attributes fullDescription: text: Specifying the same attribute twice on the same HTML element is redundant and may indicate a copy-paste mistake. defaultConfiguration: enabled: true level: warning properties: tags: - maintainability - readability kind: problem precision: very-high severity: warning - id: com.lgtm/javascript-queries:js/unknown-directive name: com.lgtm/javascript-queries:js/unknown-directive shortDescription: text: Unknown directive fullDescription: text: An unknown directive has no effect and may indicate a misspelling. defaultConfiguration: enabled: true level: warning properties: tags: - correctness kind: problem precision: high severity: warning - id: com.lgtm/javascript-queries:js/redos name: com.lgtm/javascript-queries:js/redos shortDescription: text: Inefficient regular expression fullDescription: text: A regular expression that requires exponential time to match certain inputs can be a performance bottleneck, and may be vulnerable to denial-of-service attacks. defaultConfiguration: enabled: true level: error properties: tags: - security - external/cwe/cwe-1333 - external/cwe/cwe-730 - external/cwe/cwe-400 kind: problem precision: high security-severity: "7.5" severity: error - id: com.lgtm/javascript-queries:js/incomplete-sanitization name: com.lgtm/javascript-queries:js/incomplete-sanitization shortDescription: text: Incomplete string escaping or encoding fullDescription: text: A string transformer that does not replace or escape all occurrences of a meta-character may be ineffective. defaultConfiguration: enabled: true level: warning properties: tags: - correctness - security - external/cwe/cwe-116 - external/cwe/cwe-020 kind: problem precision: high security-severity: "7.8" severity: warning - id: com.lgtm/javascript-queries:js/useless-assignment-to-property name: com.lgtm/javascript-queries:js/useless-assignment-to-property shortDescription: text: Useless assignment to property fullDescription: text: An assignment to a property whose value is always overwritten has no effect. defaultConfiguration: enabled: true level: warning properties: tags: - maintainability kind: problem precision: high severity: warning - id: com.lgtm/javascript-queries:js/incomplete-hostname-regexp name: com.lgtm/javascript-queries:js/incomplete-hostname-regexp shortDescription: text: Incomplete regular expression for hostnames fullDescription: text: Matching a URL or hostname against a regular expression that contains an unescaped dot as part of the hostname might match more hostnames than expected. defaultConfiguration: enabled: true level: warning properties: tags: - correctness - security - external/cwe/cwe-020 kind: problem precision: high security-severity: "7.8" severity: warning - id: com.lgtm/javascript-queries:js/loop-iteration-skipped-due-to-shifting name: com.lgtm/javascript-queries:js/loop-iteration-skipped-due-to-shifting shortDescription: text: Loop iteration skipped due to shifting fullDescription: text: Removing elements from an array while iterating over it can cause the loop to skip over some elements, unless the loop index is decremented accordingly. defaultConfiguration: enabled: true level: warning properties: tags: - correctness kind: problem precision: high severity: warning - id: com.lgtm/javascript-queries:js/useless-regexp-character-escape name: com.lgtm/javascript-queries:js/useless-regexp-character-escape shortDescription: text: Useless regular-expression character escape fullDescription: text: Prepending a backslash to an ordinary character in a string does not have any effect, and may make regular expressions constructed from this string behave unexpectedly. defaultConfiguration: enabled: true level: error properties: tags: - correctness - security - external/cwe/cwe-020 kind: problem precision: high security-severity: "7.8" severity: error - id: com.lgtm/javascript-queries:js/unsafe-jquery-plugin name: com.lgtm/javascript-queries:js/unsafe-jquery-plugin shortDescription: text: Unsafe jQuery plugin fullDescription: text: A jQuery plugin that unintentionally constructs HTML from some of its options may be unsafe to use for clients. defaultConfiguration: enabled: true level: warning properties: tags: - security - external/cwe/cwe-079 - external/cwe/cwe-116 - frameworks/jquery kind: path-problem precision: high security-severity: "6.1" severity: warning - id: com.lgtm/javascript-queries:js/xss-through-dom name: com.lgtm/javascript-queries:js/xss-through-dom shortDescription: text: DOM text reinterpreted as HTML fullDescription: text: Reinterpreting text from the DOM as HTML can lead to a cross-site scripting vulnerability. defaultConfiguration: enabled: true level: warning properties: tags: - security - external/cwe/cwe-079 - external/cwe/cwe-116 kind: path-problem precision: high security-severity: "6.1" severity: warning - id: com.lgtm/javascript-queries:js/incomplete-multi-character-sanitization name: com.lgtm/javascript-queries:js/incomplete-multi-character-sanitization shortDescription: text: Incomplete multi-character sanitization fullDescription: text: A sanitizer that removes a sequence of characters may reintroduce the dangerous sequence. defaultConfiguration: enabled: true level: warning properties: tags: - correctness - security - external/cwe/cwe-116 - external/cwe/cwe-020 kind: problem precision: high security-severity: "7.8" severity: warning - id: com.lgtm/javascript-queries:js/html-constructed-from-input name: com.lgtm/javascript-queries:js/html-constructed-from-input shortDescription: text: Unsafe HTML constructed from library input fullDescription: text: Using externally controlled strings to construct HTML might allow a malicious user to perform a cross-site scripting attack. defaultConfiguration: enabled: true level: error properties: tags: - security - external/cwe/cwe-079 - external/cwe/cwe-116 kind: path-problem precision: high security-severity: "6.1" severity: error - id: com.lgtm/javascript-queries:js/bad-tag-filter name: com.lgtm/javascript-queries:js/bad-tag-filter shortDescription: text: Bad HTML filtering regexp fullDescription: text: Matching HTML tags using regular expressions is hard to do right, and can easily lead to security issues. defaultConfiguration: enabled: true level: warning properties: tags: - correctness - security - external/cwe/cwe-116 - external/cwe/cwe-020 kind: problem precision: high security-severity: "7.8" severity: warning versionControlProvenance: - repositoryUri: https://github.com/treeio/treeio.git revisionId: bae3115f4015aad2cbc5ab45572232ceec990495 artifacts: - location: uri: static/js/fileuploader.js uriBaseId: '%SRCROOT%' index: 0 - location: uri: static/js/hardtree.js uriBaseId: '%SRCROOT%' index: 1 - location: uri: static/js/jquery-ui-1.10.3/demos/accordion/hoverintent.html uriBaseId: '%SRCROOT%' index: 2 - location: uri: static/js/jquery.ganttView.js uriBaseId: '%SRCROOT%' index: 3 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/advimage/js/image.js uriBaseId: '%SRCROOT%' index: 4 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/advlink/js/advlink.js uriBaseId: '%SRCROOT%' index: 5 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/contextmenu/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 6 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/emotions/js/emotions.js uriBaseId: '%SRCROOT%' index: 7 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/fullpage/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 8 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/fullscreen/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 9 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/fullscreen/fullscreen.htm uriBaseId: '%SRCROOT%' index: 10 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/inlinepopups/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 11 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/layer/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 12 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/legacyoutput/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 13 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/lists/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 14 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/media/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 15 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/media/js/media.js uriBaseId: '%SRCROOT%' index: 16 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/noneditable/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 17 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/save/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 18 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/searchreplace/js/searchreplace.js uriBaseId: '%SRCROOT%' index: 19 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/spellchecker/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 20 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/style/js/props.js uriBaseId: '%SRCROOT%' index: 21 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/tabfocus/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 22 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/table/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 23 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/table/js/cell.js uriBaseId: '%SRCROOT%' index: 24 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/template/js/template.js uriBaseId: '%SRCROOT%' index: 25 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/visualchars/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 26 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/xhtmlxtras/js/element_common.js uriBaseId: '%SRCROOT%' index: 27 - location: uri: static/js/tinymce/jscripts/tiny_mce/themes/advanced/editor_template_src.js uriBaseId: '%SRCROOT%' index: 28 - location: uri: static/js/tinymce/jscripts/tiny_mce/themes/advanced/js/anchor.js uriBaseId: '%SRCROOT%' index: 29 - location: uri: static/js/tinymce/jscripts/tiny_mce/themes/advanced/js/charmap.js uriBaseId: '%SRCROOT%' index: 30 - location: uri: static/js/tinymce/jscripts/tiny_mce/themes/advanced/js/color_picker.js uriBaseId: '%SRCROOT%' index: 31 - location: uri: static/js/tinymce/jscripts/tiny_mce/themes/advanced/js/image.js uriBaseId: '%SRCROOT%' index: 32 - location: uri: static/js/tinymce/jscripts/tiny_mce/themes/advanced/js/link.js uriBaseId: '%SRCROOT%' index: 33 - location: uri: static/js/tinymce/jscripts/tiny_mce/tiny_mce_src.js uriBaseId: '%SRCROOT%' index: 34 - location: uri: static/js/tinymce/jscripts/tiny_mce/utils/editable_selects.js uriBaseId: '%SRCROOT%' index: 35 - location: uri: static/js/tinymce/jscripts/tiny_mce/utils/mctabs.js uriBaseId: '%SRCROOT%' index: 36 - location: uri: static/js/tinymce/jscripts/tiny_mce/utils/validate.js uriBaseId: '%SRCROOT%' index: 37 - location: uri: static/mobile/jquery.mobile.scrollview.js uriBaseId: '%SRCROOT%' index: 38 - location: uri: templates/html/core/billing/upgrade.html uriBaseId: '%SRCROOT%' index: 39 - location: uri: static/js/12o_super_mini.js uriBaseId: '%SRCROOT%' index: 40 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/paste/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 41 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/wordcount/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 42 - location: uri: static/js/chat.js uriBaseId: '%SRCROOT%' index: 43 - location: uri: static/js/jquery-ui-1.10.3/demos/effect/easing.html uriBaseId: '%SRCROOT%' index: 44 - location: uri: static/js/jquery.gritter.js uriBaseId: '%SRCROOT%' index: 45 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/style/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 46 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/table/js/table.js uriBaseId: '%SRCROOT%' index: 47 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/template/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 48 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/xhtmlxtras/js/attributes.js uriBaseId: '%SRCROOT%' index: 49 - location: uri: static/js/tinymce/jscripts/tiny_mce/utils/form_utils.js uriBaseId: '%SRCROOT%' index: 50 - location: uri: static/mobile/jquery.mobile.forms.ajaxform.js uriBaseId: '%SRCROOT%' index: 51 - location: uri: static/js/colorbox/example1/index.html uriBaseId: '%SRCROOT%' index: 52 - location: uri: static/js/colorbox/example2/index.html uriBaseId: '%SRCROOT%' index: 53 - location: uri: static/js/colorbox/example3/index.html uriBaseId: '%SRCROOT%' index: 54 - location: uri: static/js/colorbox/example4/index.html uriBaseId: '%SRCROOT%' index: 55 - location: uri: static/js/colorbox/example5/index.html uriBaseId: '%SRCROOT%' index: 56 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/media/js/embed.js uriBaseId: '%SRCROOT%' index: 57 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/preview/jscripts/embed.js uriBaseId: '%SRCROOT%' index: 58 - location: uri: static/js/tinymce/jscripts/tiny_mce/plugins/preview/preview.html uriBaseId: '%SRCROOT%' index: 59 - location: uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html uriBaseId: '%SRCROOT%' index: 60 - location: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 - location: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.resizable.js uriBaseId: '%SRCROOT%' index: 62 - location: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.slider.js uriBaseId: '%SRCROOT%' index: 63 - location: uri: static/js/tinymce/jscripts/tiny_mce/themes/simple/editor_template_src.js uriBaseId: '%SRCROOT%' index: 64 - location: uri: templates/html/core/administration/settings_view.html uriBaseId: '%SRCROOT%' index: 65 - location: uri: templates/html/core/database_setup.html uriBaseId: '%SRCROOT%' index: 66 - location: uri: static/js/jquery.ba-serializeobject.js uriBaseId: '%SRCROOT%' index: 67 - location: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.button.js uriBaseId: '%SRCROOT%' index: 68 - location: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.tabs.js uriBaseId: '%SRCROOT%' index: 69 - location: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.sortable.js uriBaseId: '%SRCROOT%' index: 70 - location: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.droppable.js uriBaseId: '%SRCROOT%' index: 71 - location: uri: static/js/jquery-ui-1.10.3/ui/jquery-ui.js uriBaseId: '%SRCROOT%' index: 72 - location: uri: static/js/jquery-ui-custom.js uriBaseId: '%SRCROOT%' index: 73 - location: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js uriBaseId: '%SRCROOT%' index: 74 - location: uri: static/js/jquery-ui-1.10.3/demos/droppable/photo-manager.html uriBaseId: '%SRCROOT%' index: 75 - location: uri: static/js/jquery-ui-1.10.3/demos/tabs/manipulation.html uriBaseId: '%SRCROOT%' index: 76 results: - ruleId: com.lgtm/javascript-queries:js/misleading-indentation-of-dangling-else ruleIndex: 5 rule: id: com.lgtm/javascript-queries:js/misleading-indentation-of-dangling-else index: 5 message: text: This else branch belongs to [this if statement](1), but its indentation suggests it belongs to [this other if statement](2). locations: - physicalLocation: artifactLocation: uri: static/js/tinymce/jscripts/tiny_mce/tiny_mce_src.js uriBaseId: '%SRCROOT%' index: 34 region: startLine: 6760 startColumn: 4 endColumn: 8 partialFingerprints: primaryLocationLineHash: 38642848f30192cb:1 primaryLocationStartColumnFingerprint: "0" relatedLocations: - id: 1 physicalLocation: artifactLocation: uri: static/js/tinymce/jscripts/tiny_mce/tiny_mce_src.js uriBaseId: '%SRCROOT%' index: 34 region: startLine: 6758 startColumn: 5 endColumn: 7 message: text: this if statement - id: 2 physicalLocation: artifactLocation: uri: static/js/tinymce/jscripts/tiny_mce/tiny_mce_src.js uriBaseId: '%SRCROOT%' index: 34 region: startLine: 6741 startColumn: 4 endColumn: 6 message: text: this other if statement - ruleId: com.lgtm/javascript-queries:js/regex/duplicate-in-character-class ruleIndex: 2 rule: id: com.lgtm/javascript-queries:js/regex/duplicate-in-character-class index: 2 message: text: |- Character ''' is repeated [here](1) in the same character class. Character ''' is repeated [here](2) in the same character class. Character ''' is repeated [here](3) in the same character class. locations: - physicalLocation: artifactLocation: uri: static/js/tinymce/jscripts/tiny_mce/plugins/paste/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 41 region: startLine: 722 startColumn: 72 endColumn: 73 partialFingerprints: primaryLocationLineHash: 7820a043f81b48cd:1 primaryLocationStartColumnFingerprint: "65" relatedLocations: - id: 1 physicalLocation: artifactLocation: uri: static/js/tinymce/jscripts/tiny_mce/plugins/paste/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 41 region: startLine: 722 startColumn: 74 endColumn: 75 message: text: here - id: 2 physicalLocation: artifactLocation: uri: static/js/tinymce/jscripts/tiny_mce/plugins/paste/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 41 region: startLine: 722 startColumn: 76 endColumn: 77 message: text: here - id: 3 physicalLocation: artifactLocation: uri: static/js/tinymce/jscripts/tiny_mce/plugins/paste/editor_plugin_src.js uriBaseId: '%SRCROOT%' index: 41 region: startLine: 722 startColumn: 78 endColumn: 79 message: text: here - ruleId: com.lgtm/javascript-queries:js/unsafe-jquery-plugin ruleIndex: 31 rule: id: com.lgtm/javascript-queries:js/unsafe-jquery-plugin index: 31 message: text: Potential XSS vulnerability in the ['$.fn.position' plugin](1). locations: - physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js uriBaseId: '%SRCROOT%' index: 74 region: startLine: 126 startColumn: 15 endColumn: 25 partialFingerprints: primaryLocationLineHash: cdbebfebc041366e:1 primaryLocationStartColumnFingerprint: "12" codeFlows: - threadFlows: - locations: - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js uriBaseId: '%SRCROOT%' index: 74 region: startLine: 117 startColumn: 27 endColumn: 34 message: text: options - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js uriBaseId: '%SRCROOT%' index: 74 region: startLine: 118 startColumn: 20 endColumn: 27 message: text: options - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js uriBaseId: '%SRCROOT%' index: 74 region: startLine: 118 startColumn: 20 endColumn: 30 message: text: options.of - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js uriBaseId: '%SRCROOT%' index: 74 region: startLine: 126 startColumn: 15 endColumn: 25 message: text: options.of relatedLocations: - id: 1 physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.position.js uriBaseId: '%SRCROOT%' index: 74 region: startLine: 117 startColumn: 17 endLine: 295 endColumn: 2 message: text: '''$.fn.position'' plugin' - ruleId: com.lgtm/javascript-queries:js/unsafe-jquery-plugin ruleIndex: 31 rule: id: com.lgtm/javascript-queries:js/unsafe-jquery-plugin index: 31 message: text: |- Potential XSS vulnerability in the ['$.fn.datepicker' plugin](1). Potential XSS vulnerability in the ['$.fn.datepicker' plugin](2). Potential XSS vulnerability in the ['$.fn.datepicker' plugin](3). locations: - physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1027 startColumn: 6 endColumn: 14 partialFingerprints: primaryLocationLineHash: 862d0932c3f65e9c:1 primaryLocationStartColumnFingerprint: "2" codeFlows: - threadFlows: - locations: - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery-ui.js uriBaseId: '%SRCROOT%' index: 72 region: startLine: 9598 startColumn: 28 endColumn: 35 message: text: options - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery-ui.js uriBaseId: '%SRCROOT%' index: 72 region: startLine: 9629 startColumn: 41 endColumn: 48 message: text: options - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 139 startColumn: 38 endColumn: 46 message: text: settings - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 32 endColumn: 40 message: text: settings - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 32 endColumn: 46 message: text: settings || {} - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 19 endColumn: 47 message: text: $.exten ... || {}) - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1021 startColumn: 15 endColumn: 42 message: text: this._g ... Field") - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1021 startColumn: 4 endColumn: 42 message: text: altField - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1027 startColumn: 6 endColumn: 14 message: text: altField - threadFlows: - locations: - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery-ui.js uriBaseId: '%SRCROOT%' index: 72 region: startLine: 9598 startColumn: 28 endColumn: 35 message: text: options - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery-ui.js uriBaseId: '%SRCROOT%' index: 72 region: startLine: 9629 startColumn: 41 endColumn: 48 message: text: options - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 139 startColumn: 38 endColumn: 46 message: text: settings - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 32 endColumn: 40 message: text: settings - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 32 endColumn: 46 message: text: settings || {} - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 28 endColumn: 30 message: text: '{}' - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 19 endColumn: 47 message: text: $.exten ... || {}) - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1021 startColumn: 15 endColumn: 42 message: text: this._g ... Field") - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1021 startColumn: 4 endColumn: 42 message: text: altField - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1027 startColumn: 6 endColumn: 14 message: text: altField - threadFlows: - locations: - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1998 startColumn: 28 endColumn: 35 message: text: options - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 2029 startColumn: 41 endColumn: 48 message: text: options - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 139 startColumn: 38 endColumn: 46 message: text: settings - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 32 endColumn: 40 message: text: settings - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 32 endColumn: 46 message: text: settings || {} - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 19 endColumn: 47 message: text: $.exten ... || {}) - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1021 startColumn: 15 endColumn: 42 message: text: this._g ... Field") - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1021 startColumn: 4 endColumn: 42 message: text: altField - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1027 startColumn: 6 endColumn: 14 message: text: altField - threadFlows: - locations: - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1998 startColumn: 28 endColumn: 35 message: text: options - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 2029 startColumn: 41 endColumn: 48 message: text: options - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 139 startColumn: 38 endColumn: 46 message: text: settings - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 32 endColumn: 40 message: text: settings - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 32 endColumn: 46 message: text: settings || {} - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 28 endColumn: 30 message: text: '{}' - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 19 endColumn: 47 message: text: $.exten ... || {}) - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1021 startColumn: 15 endColumn: 42 message: text: this._g ... Field") - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1021 startColumn: 4 endColumn: 42 message: text: altField - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1027 startColumn: 6 endColumn: 14 message: text: altField - threadFlows: - locations: - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-custom.js uriBaseId: '%SRCROOT%' index: 73 region: startLine: 541 startColumn: 10 endColumn: 11 message: text: a - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-custom.js uriBaseId: '%SRCROOT%' index: 73 region: startLine: 542 startColumn: 154 endColumn: 155 message: text: a - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 139 startColumn: 38 endColumn: 46 message: text: settings - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 32 endColumn: 40 message: text: settings - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 32 endColumn: 46 message: text: settings || {} - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 19 endColumn: 47 message: text: $.exten ... || {}) - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1021 startColumn: 15 endColumn: 42 message: text: this._g ... Field") - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1021 startColumn: 4 endColumn: 42 message: text: altField - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1027 startColumn: 6 endColumn: 14 message: text: altField - threadFlows: - locations: - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-custom.js uriBaseId: '%SRCROOT%' index: 73 region: startLine: 541 startColumn: 10 endColumn: 11 message: text: a - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-custom.js uriBaseId: '%SRCROOT%' index: 73 region: startLine: 542 startColumn: 154 endColumn: 155 message: text: a - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 139 startColumn: 38 endColumn: 46 message: text: settings - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 32 endColumn: 40 message: text: settings - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 32 endColumn: 46 message: text: settings || {} - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 28 endColumn: 30 message: text: '{}' - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 148 startColumn: 19 endColumn: 47 message: text: $.exten ... || {}) - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1021 startColumn: 15 endColumn: 42 message: text: this._g ... Field") - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1021 startColumn: 4 endColumn: 42 message: text: altField - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1027 startColumn: 6 endColumn: 14 message: text: altField relatedLocations: - id: 1 physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery-ui.js uriBaseId: '%SRCROOT%' index: 72 region: startLine: 9598 startColumn: 19 endLine: 9631 endColumn: 2 message: text: '''$.fn.datepicker'' plugin' - id: 2 physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/ui/jquery.ui.datepicker.js uriBaseId: '%SRCROOT%' index: 61 region: startLine: 1998 startColumn: 19 endLine: 2031 endColumn: 2 message: text: '''$.fn.datepicker'' plugin' - id: 3 physicalLocation: artifactLocation: uri: static/js/jquery-ui-custom.js uriBaseId: '%SRCROOT%' index: 73 region: startLine: 541 endLine: 542 endColumn: 159 message: text: '''$.fn.datepicker'' plugin' - ruleId: com.lgtm/javascript-queries:js/xss-through-dom ruleIndex: 32 rule: id: com.lgtm/javascript-queries:js/xss-through-dom index: 32 message: text: '[DOM text](1) is reinterpreted as HTML without escaping meta-characters.' locations: - physicalLocation: artifactLocation: uri: static/js/12o_super_mini.js uriBaseId: '%SRCROOT%' index: 40 region: startLine: 4666 startColumn: 24 endColumn: 118 partialFingerprints: primaryLocationLineHash: 4a980240eec311bb:1 primaryLocationStartColumnFingerprint: "20" codeFlows: - threadFlows: - locations: - location: physicalLocation: artifactLocation: uri: static/js/12o_super_mini.js uriBaseId: '%SRCROOT%' index: 40 region: startLine: 4666 startColumn: 54 endColumn: 68 message: text: $(this).text() - location: physicalLocation: artifactLocation: uri: static/js/12o_super_mini.js uriBaseId: '%SRCROOT%' index: 40 region: startLine: 4666 startColumn: 24 endColumn: 118 message: text: '''''' relatedLocations: - id: 1 physicalLocation: artifactLocation: uri: static/js/12o_super_mini.js uriBaseId: '%SRCROOT%' index: 40 region: startLine: 4666 startColumn: 54 endColumn: 68 message: text: DOM text - ruleId: com.lgtm/javascript-queries:js/xss-through-dom ruleIndex: 32 rule: id: com.lgtm/javascript-queries:js/xss-through-dom index: 32 message: text: |- [DOM text](1) is reinterpreted as HTML without escaping meta-characters. [DOM text](2) is reinterpreted as HTML without escaping meta-characters. [DOM text](3) is reinterpreted as HTML without escaping meta-characters. locations: - physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html uriBaseId: '%SRCROOT%' index: 60 region: startLine: 89 startColumn: 35 endLine: 93 endColumn: 14 partialFingerprints: primaryLocationLineHash: b3f0d76a66d54a16:1 primaryLocationStartColumnFingerprint: "28" codeFlows: - threadFlows: - locations: - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html uriBaseId: '%SRCROOT%' index: 60 region: startLine: 90 startColumn: 17 endColumn: 27 message: text: name.val() - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html uriBaseId: '%SRCROOT%' index: 60 region: startLine: 89 startColumn: 35 endLine: 93 endColumn: 14 message: text: '"" ... ""' - threadFlows: - locations: - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html uriBaseId: '%SRCROOT%' index: 60 region: startLine: 91 startColumn: 17 endColumn: 28 message: text: email.val() - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html uriBaseId: '%SRCROOT%' index: 60 region: startLine: 89 startColumn: 35 endLine: 93 endColumn: 14 message: text: '"" ... ""' - threadFlows: - locations: - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html uriBaseId: '%SRCROOT%' index: 60 region: startLine: 92 startColumn: 17 endColumn: 31 message: text: password.val() - location: physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html uriBaseId: '%SRCROOT%' index: 60 region: startLine: 89 startColumn: 35 endLine: 93 endColumn: 14 message: text: '"" ... ""' relatedLocations: - id: 1 physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html uriBaseId: '%SRCROOT%' index: 60 region: startLine: 90 startColumn: 17 endColumn: 27 message: text: DOM text - id: 2 physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html uriBaseId: '%SRCROOT%' index: 60 region: startLine: 91 startColumn: 17 endColumn: 28 message: text: DOM text - id: 3 physicalLocation: artifactLocation: uri: static/js/jquery-ui-1.10.3/demos/dialog/modal-form.html uriBaseId: '%SRCROOT%' index: 60 region: startLine: 92 startColumn: 17 endColumn: 31 message: text: DOM text newlineSequences: - "\r\n" - |2+ - '
' - '
' columnKind: utf16CodeUnits properties: semmle.formatSpecifier: 2.1.0 semmle.sourceLanguage: javascript