

Commit e5bee19

committed
JS: Accept a double-flagged line
This is flagged by two queries but for two separate issues. Seems valid to flag it twice.
1 parent 68fae9d commit e5bee19

1 file changed

Lines changed: 1 addition & 1 deletion


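--- a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js
@@ -338,7 +338,7 @@ function typicalBadHtmlSanitizers(s) {
 }
 
 function bad18NewRegExp(p) {
-return p.replace(new RegExp("\\.\\./"), "");
+return p.replace(new RegExp("\\.\\./"), ""); // $ Alert[js/incomplete-sanitization] Alert[js/incomplete-multi-character-sanitization] -- both lacking global flag, and multi-char replacement problem
 }
 
 function bad4NewRegExpG(s) {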
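Review bot: The free-text reason after `--` on the new expectation line in `bad18NewRegExp` is ambiguous: "both lacking global flag" can be read as both queries reporting the missing flag, while the commit message says the two alerts are for separate issues. Tying each reason to its query id would make the expectation self-explanatory, for example `-- incomplete-sanitization: no global flag, only the first "../" is removed; incomplete-multi-character-sanitization: removing "../" in one pass can leave a new "../" behind`. Which query reports which issue is inferred here from the query ids, and the suggestion assumes the text after `--` is free-form, so confirm both before rewording.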
