Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit c155ac6

Browse files
jorgectfjorgectf
committed
Add HtmlEscaping sanitizer
1 parent 3f43e6e commit c155ac6

1 file changed

Lines changed: 5 additions & 0 deletions

File tree

python/ql/src/experimental/semmle/python/security/dataflow/ReflectedXSS.qll

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ import semmle.python.dataflow.new.TaintTracking
99
import semmle.python.dataflow.new.RemoteFlowSources
1010
import semmle.python.dataflow.new.BarrierGuards
1111
import experimental.semmle.python.Concepts
12+
import semmle.python.Concepts
1213
import semmle.python.ApiGraphs
1314

1415
/**
@@ -26,6 +27,10 @@ class ReflectedXssConfiguration extends TaintTracking::Configuration {
2627
guard instanceof StringConstCompare
2728
}
2829

30+
override predicate isSanitizer(DataFlow::Node sanitizer) {
31+
sanitizer = any(HtmlEscaping esc).getOutput()
32+
}
33+
2934
override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
3035
exists(DataFlow::CallCfgNode htmlContentCall |
3136
htmlContentCall =

0 commit comments

Comments
 (0)