move PrefixStringSanitizer to the Query.qll file, and have it extend LabeledSanitizerGuardNode

Author: erik-krogh

javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll

@@ -22,19 +22,4 @@ module DomBasedXss {
 
   /** Gets the flow-label representing tainted values where the prefix is attacker controlled. */
   PrefixString prefixLabel() { any() }
-
-  /**
-   * A sanitizer that blocks the `PrefixString` label when the start of the string is being tested as being of a particular prefix.
-   */
-  class PrefixStringSanitizer extends SanitizerGuard instanceof StringOps::StartsWith {
-    override predicate sanitizes(boolean outcome, Expr e) { none() }
-
-    override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) {
-      super.blocks(outcome, e, label)
-      or
-      e = super.getBaseString().asExpr() and
-      label = prefixLabel() and
-      outcome = super.getPolarity()
-    }
-  }
 }

javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll

@@ -123,3 +123,14 @@ class Configuration extends TaintTracking::Configuration {
     outlbl = prefixLabel()
   }
 }
+
+/**
+ * A sanitizer that blocks the `PrefixString` label when the start of the string is being tested as being of a particular prefix.
+ */
+class PrefixStringSanitizer extends SanitizerGuard, TaintTracking::LabeledSanitizerGuardNode instanceof StringOps::StartsWith {
+  override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) {
+    e = super.getBaseString().asExpr() and
+    label = prefixLabel() and
+    outcome = super.getPolarity()
+  }
+}