
Commit 898d22d

committed
JS: Simplify HTML element access
1 parent f24af58 commit 898d22d

2 files changed

Lines changed: 36 additions & 34 deletions


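--- a/javascript/ql/src/semmle/javascript/HTML.qll
+++ b/javascript/ql/src/semmle/javascript/HTML.qll
@@ -10,6 +10,29 @@ module HTML {
 HtmlFile() { getFileType().isHtml() }
 }
 
+/**
+* A file that may contain HTML elements.
+*
+* This is either an `.html` file or a source code file containing
+* embedded HTML snippets.
+*/
+private class FileContainingHtml extends File {
+FileContainingHtml() {
+getFileType().isHtml()
+or
+// The file contains an expression containing an HTML element
+exists(Expr e |
+e.getFile() = this and
+xml_element_parent_expression(_, e, _)
+)
+}
+}
+
+/** Gets `i`th root node of the HTML fragment embedded in the given expression, if any. */
+Element getHtmlElementFromExpr(Expr e, int i) {
+xml_element_parent_expression(result, e, i)
+}
+
 /**
 * An HTML element.
 *
@@ -20,7 +43,7 @@ module HTML {
 * ```
 */
 class Element extends Locatable, @xmlelement {
-Element() { exists(HtmlFile f | xmlElements(this, _, _, _, f)) }
+Element() { exists(FileContainingHtml f | xmlElements(this, _, _, _, f)) }
 
 override Location getLocation() { xmllocations(this, result) }
 
@@ -84,13 +107,6 @@ module HTML {
 override string getAPrimaryQlClass() { result = "HTML::Element" }
 }
 
-/**
-* Gets the inline script of the given attribute, if any.
-*/
-CodeInAttribute getCodeInAttribute(XMLAttribute attribute) {
-toplevel_parent_xml_node(result, attribute)
-}
-
 /**
 * An attribute of an HTML element.
 *
@@ -104,15 +120,15 @@ module HTML {
 * ```
 */
 class Attribute extends Locatable, @xmlattribute {
-Attribute() { exists(HtmlFile f | xmlAttrs(this, _, _, _, _, f)) }
+Attribute() { exists(FileContainingHtml f | xmlAttrs(this, _, _, _, _, f)) }
 
 override Location getLocation() { xmllocations(this, result) }
 
 /**
 * Gets the inline script of this attribute, if any.
 */
 CodeInAttribute getCodeInAttribute() {
-result = getCodeInAttribute(this)
+toplevel_parent_xml_node(result, this)
 }
 
 /**
@@ -264,7 +280,7 @@ module HTML {
 * Note that instances of this class are only available if extraction is done with `--html all` or `--experimental`.
 */
 class TextNode extends Locatable, @xmlcharacters {
-TextNode() { exists(HtmlFile f | xmlChars(this, _, _, _, _, f)) }
+TextNode() { exists(FileContainingHtml f | xmlChars(this, _, _, _, _, f)) }
 
 override string toString() { result = getText() }
 
@@ -303,7 +319,7 @@ module HTML {
 * ```
 */
 class CommentNode extends Locatable, @xmlcomment {
-CommentNode() { exists(HtmlFile f | xmlComments(this, _, _, f)) }
+CommentNode() { exists(FileContainingHtml f | xmlComments(this, _, _, f)) }
 
 /** Gets the element in which this comment occurs. */
 Element getParent() { xmlComments(this, _, result, _) }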
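Review bot: The third hunk deletes the module-level predicate `getCodeInAttribute(XMLAttribute attribute)` outright, and the Angular2.qll section of this commit does the same to the member `getTemplateUrl()`; neither is declared `private`, so any query outside these two files that calls them would stop compiling. If external callers are possible, keep each as a `deprecated` forwarder for a release, e.g. `deprecated CodeInAttribute getCodeInAttribute(XMLAttribute attribute) { toplevel_parent_xml_node(result, attribute) }`. The class QLDoc (which begins outside these hunks) also deserves a sentence: `Element`, `Attribute`, `TextNode` and `CommentNode` now range over `FileContainingHtml` instead of `HtmlFile`, so existing queries built on these classes will presumably start matching HTML embedded in source files as well, and their result sets may change.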

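--- a/javascript/ql/src/semmle/javascript/frameworks/Angular2.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Angular2.qll
@@ -340,11 +340,6 @@ module Angular2 {
 result = getAttributeValueAsNode(getATemplateInstantiation().getAttributeByName("[" + name + "]"))
 }
 
-/** Gets the `templateUrl` property of the `@Component` decorator. */
-string getTemplateUrl() {
-decorator.getOptionArgument(0, "templateUrl").mayHaveStringValue(result)
-}
-
 /**
 * Gets the file referred to by `templateUrl`.
 *
@@ -355,30 +350,21 @@ module Angular2 {
 result = decorator.getOptionArgument(0, "templateUrl").asExpr().(PathExpr).resolve()
 }
 
-pragma[noinline]
-private Location getInlineTemplateLocation() {
-result = decorator.getOptionArgument(0, "template").asExpr().getLocation()
-}
-
-private XMLAttribute getAnAttributeInInlineTemplate() {
-exists(Location templateLoc, Location attribLoc |
-templateLoc = getInlineTemplateLocation() and
-attribLoc = result.getLocation() and
-templateLoc.getFile() = attribLoc.getFile()
-// TODO: check line/column - though in practice checking the file is enough
-)
+/** Gets an element in the HTML template of this component. */
+HTML::Element getATemplateElement() {
+result.getFile() = getTemplateFile()
+or
+result.getParent*() = HTML::getHtmlElementFromExpr(decorator.getOptionArgument(0, "template").asExpr(), _)
 }
 
 /**
 * Gets an access to the variable `name` in the template body.
 */
 DataFlow::Node getATemplateVarAccess(string name) {
-exists(XMLAttribute attrib |
-attrib.getLocation().getFile() = getTemplateFile() or
-attrib = getAnAttributeInInlineTemplate()
-|
+exists(HTML::Attribute attrib |
+attrib = getATemplateElement().getAnAttribute() and
 isAngularExpressionAttribute(attrib) and
-result = getAGlobalVarAccessInAttribute(HTML::getCodeInAttribute(attrib), name).flow()
+result = getAGlobalVarAccessInAttribute(attrib.getCodeInAttribute(), name).flow()
 )
 }
 }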
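Review bot: The QLDoc on the new `getATemplateElement()` in the second hunk does not say which templates it covers. The first disjunct yields every element of the file resolved by `getTemplateFile()`, while the second yields only elements nested under the roots of the inline `template` expression. I would spell that out, e.g. `/** Gets an element of this component's template: any element in the file referred to by templateUrl, or an element within the inline template string. */`. The member's body is complete within the hunk, but the enclosing class starts outside it, so whether `getAnAttribute()` and `getTemplateFile()` behave as assumed here cannot be confirmed from this page.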
