File tree Expand file tree Collapse file tree 2 files changed +10
-10
lines changed
javascript/ql/lib/semmle/javascript/security/dataflow Expand file tree Collapse file tree 2 files changed +10
-10
lines changed Original file line number Diff line number Diff line change @@ -27,6 +27,16 @@ module StoredXss {
2727 AnySink ( ) { this instanceof Shared:: Sink }
2828 }
2929
30+ /** A file name, considered as a flow source for stored XSS. */
31+ class FileNameSourceAsSource extends Source {
32+ FileNameSourceAsSource ( ) { this instanceof FileNameSource }
33+ }
34+
35+ /** An instance of user-controlled torrent information, considered as a flow source for stored XSS. */
36+ class UserControlledTorrentInfoAsSource extends Source {
37+ UserControlledTorrentInfoAsSource ( ) { this instanceof ParseTorrent:: UserControlledTorrentInfo }
38+ }
39+
3040 /**
3141 * A regexp replacement involving an HTML meta-character, viewed as a sanitizer for
3242 * XSS vulnerabilities.
Original file line number Diff line number Diff line change @@ -28,16 +28,6 @@ class Configuration extends TaintTracking::Configuration {
2828 }
2929}
3030
31- /** A file name, considered as a flow source for stored XSS. */
32- class FileNameSourceAsSource extends Source {
33- FileNameSourceAsSource ( ) { this instanceof FileNameSource }
34- }
35-
36- /** An instance of user-controlled torrent information, considered as a flow source for stored XSS. */
37- class UserControlledTorrentInfoAsSource extends Source {
38- UserControlledTorrentInfoAsSource ( ) { this instanceof ParseTorrent:: UserControlledTorrentInfo }
39- }
40-
4131private class QuoteGuard extends TaintTracking:: SanitizerGuardNode , Shared:: QuoteGuard {
4232 QuoteGuard ( ) { this = this }
4333}
You can’t perform that action at this time.
0 commit comments