Merge pull request #4200 from erik-krogh/typeaheadInconsistencyComment

erik-krogh · web-flow · commit d56ea2201850 · 2020-09-03T13:56:40.000+02:00
JS: adjust comment about inconsistency for XSS in typeahead
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/typeahead.js b/javascript/ql/test/query-tests/Security/CWE-079/typeahead.js
@@ -7,7 +7,7 @@
     source: autocompleter.ttAdapter(),
     templates: {
       suggestion: function(loc) {
-        return loc; // NOT OK! - but not flagged due to not connecting the Bloodhound source with this sink [INCONSISTENCY]
+        return loc; // NOT OK - but only flagged when `AdditionalSources` are imported [INCONSISTENCY].
       }
     }
   })

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@`
`7`	`7`	`source: autocompleter.ttAdapter(),`
`8`	`8`	`templates: {`
`9`	`9`	`suggestion: function(loc) {`
`10`		`- return loc; // NOT OK! - but not flagged due to not connecting the Bloodhound source with this sink [INCONSISTENCY]`
	`10`	+ return loc; // NOT OK - but only flagged when `AdditionalSources` are imported [INCONSISTENCY].
`11`	`11`	`}`
`12`	`12`	`}`
`13`	`13`	`})`