JS: remove restriction on truncate calls

asger-semmle · asger-semmle · commit 29de1411b7cf · 2019-02-25T17:00:47.000Z
diff --git a/javascript/ql/src/semmle/javascript/frameworks/ClosureLibrary.qll b/javascript/ql/src/semmle/javascript/frameworks/ClosureLibrary.qll
@@ -35,16 +35,14 @@ module ClosureLibrary {
           name = "trim" or
           name = "trimLeft" or
           name = "trimRight" or
+          name = "truncate" or
+          name = "truncateMiddle" or
           name = "unescapeEntities" or
           name = "urlDecode" or
           name = "urlEncode" or
           name = "whitespaceEscape"
         )
         or
-        (name = "truncate" or name = "truncateMiddle") and
-        pred = getArgument(0) and
-        not getArgument(1).getIntValue() < 8 // length of <script>
-        or
         name = "unescapeEntitiesWithDocument" and
         pred = getArgument(0)
       )
