Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit b6611b1

Browse files
erik-krogherik-krogh
committed
add "slice" as a recognized prefix method in ClientSideUrlRedirectCustomizations.qll
1 parent 279c584 commit b6611b1

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

javascript/ql/src/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,7 @@ module ClientSideUrlRedirect {
5555
// exclude `location.href.split('?')[0]`, which can never refer to the query string
5656
not exists(PropAccess pacc | mce = pacc.getBase() | pacc.getPropertyName() = "0")
5757
or
58-
(methodName = "substring" or methodName = "substr") and
58+
(methodName = "substring" or methodName = "substr" or methodName = "slice") and
5959
// exclude `location.href.substring(0, ...)` and similar, which can
6060
// never refer to the query string
6161
not mce.getArgument(0).(NumberLiteral).getIntValue() = 0

0 commit comments

Comments
 (0)