JS: fixup visibility of DataFlow::HtmlAttributeNode

Author: Esben Sparre Andreasen

javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll

@@ -742,22 +742,21 @@ module DataFlow {
   /**
    * A data flow node representing an HTML attribute.
    */
-  private class HtmlAttributeNode extends DataFlow::Node, THtmlAttributeNode {
+  class HtmlAttributeNode extends DataFlow::Node, THtmlAttributeNode {
     HTML::Attribute attr;
 
     HtmlAttributeNode() { this = THtmlAttributeNode(attr) }
 
     override string toString() { result = attr.toString() }
 
-    override ASTNode getAstNode() { none() }
-
-    override BasicBlock getBasicBlock() { none() }
-
     override predicate hasLocationInfo(
       string filepath, int startline, int startcolumn, int endline, int endcolumn
     ) {
       attr.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
     }
+
+    /** Gets the attribute corresponding to this data flow node. */
+    HTML::Attribute getAttribute() { result = attr }
   }
 
   /**

javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll

@@ -203,7 +203,7 @@ module DomBasedXss {
    */
   class VHtmlSink extends DomBasedXss::Sink {
     HTML::Attribute attr;
-    VHtmlSink() { this = DataFlow::THtmlAttributeNode(attr) and attr.getName() = "v-html" }
+    VHtmlSink() { this.(DataFlow::HtmlAttributeNode).getAttribute() = attr and attr.getName() = "v-html" }
     HTML::Attribute getAttr() {
       result = attr
     }