Skip to content

Commit 9046fd1

Browse files
committed
JS: Update expected output of XSS query (benign)
1 parent 2fc0ab5 commit 9046fd1

File tree

2 files changed

+1
-7
lines changed

2 files changed

+1
-7
lines changed

javascript/ql/test/query-tests/Security/CWE-079/Xss.expected

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -165,9 +165,6 @@ nodes
165165
| tst.js:256:7:256:17 | window.name |
166166
| tst.js:257:7:257:10 | name |
167167
| tst.js:261:11:261:21 | window.name |
168-
| tst.js:272:9:272:32 | loc3 |
169-
| tst.js:272:16:272:32 | document.location |
170-
| tst.js:275:7:275:10 | loc3 |
171168
| tst.js:277:22:277:29 | location |
172169
| tst.js:282:9:282:29 | tainted |
173170
| tst.js:282:19:282:29 | window.name |
@@ -318,8 +315,6 @@ edges
318315
| tst.js:238:23:238:29 | tainted | tst.js:228:32:228:49 | prevProps.tainted4 |
319316
| tst.js:244:39:244:55 | props.propTainted | tst.js:248:60:248:82 | this.st ... Tainted |
320317
| tst.js:252:23:252:29 | tainted | tst.js:244:39:244:55 | props.propTainted |
321-
| tst.js:272:9:272:32 | loc3 | tst.js:275:7:275:10 | loc3 |
322-
| tst.js:272:16:272:32 | document.location | tst.js:272:9:272:32 | loc3 |
323318
| tst.js:282:9:282:29 | tainted | tst.js:285:59:285:65 | tainted |
324319
| tst.js:282:19:282:29 | window.name | tst.js:282:9:282:29 | tainted |
325320
| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted |
@@ -394,7 +389,6 @@ edges
394389
| tst.js:256:7:256:17 | window.name | tst.js:256:7:256:17 | window.name | tst.js:256:7:256:17 | window.name | Cross-site scripting vulnerability due to $@. | tst.js:256:7:256:17 | window.name | user-provided value |
395390
| tst.js:257:7:257:10 | name | tst.js:257:7:257:10 | name | tst.js:257:7:257:10 | name | Cross-site scripting vulnerability due to $@. | tst.js:257:7:257:10 | name | user-provided value |
396391
| tst.js:261:11:261:21 | window.name | tst.js:261:11:261:21 | window.name | tst.js:261:11:261:21 | window.name | Cross-site scripting vulnerability due to $@. | tst.js:261:11:261:21 | window.name | user-provided value |
397-
| tst.js:275:7:275:10 | loc3 | tst.js:272:16:272:32 | document.location | tst.js:275:7:275:10 | loc3 | Cross-site scripting vulnerability due to $@. | tst.js:272:16:272:32 | document.location | user-provided value |
398392
| tst.js:277:22:277:29 | location | tst.js:277:22:277:29 | location | tst.js:277:22:277:29 | location | Cross-site scripting vulnerability due to $@. | tst.js:277:22:277:29 | location | user-provided value |
399393
| tst.js:285:59:285:65 | tainted | tst.js:282:9:282:29 | tainted | tst.js:285:59:285:65 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:282:9:282:29 | tainted | user-provided value |
400394
| tst.js:285:59:285:65 | tainted | tst.js:282:19:282:29 | window.name | tst.js:285:59:285:65 | tainted | Cross-site scripting vulnerability due to $@. | tst.js:282:19:282:29 | window.name | user-provided value |

javascript/ql/test/query-tests/Security/CWE-079/tst.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -272,7 +272,7 @@ function jqueryLocation() {
272272
var loc3 = document.location;
273273
$(loc1); // OK
274274
$(loc2); // OK
275-
$(loc3); // OK - but still flagged
275+
$(loc3); // OK
276276

277277
$("body").append(location); // NOT OK
278278
}

0 commit comments

Comments
 (0)