Skip to content

Commit cf1e87d

Browse files
asgerfasgerf
committed
JS: Track DOM elements out of collections
1 parent 1f228a0 commit cf1e87d

File tree

2 files changed

+4
-0
lines changed

2 files changed

+4
-0
lines changed

javascript/ql/lib/semmle/javascript/DOM.qll

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -421,6 +421,9 @@ module DOM {
421421
t.startInProp("target") and
422422
result = domEventSource()
423423
or
424+
t.startInProp(DataFlow::PseudoProperties::arrayElement()) and
425+
result = domElementCollection()
426+
or
424427
exists(DataFlow::TypeTracker t2 | result = domValueRef(t2).track(t2, t))
425428
}
426429

javascript/ql/test/library-tests/DOM/Customizations.expected

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,5 +23,6 @@ test_domValueRef
2323
| nameditems.js:1:1:2:19 | documen ... em('x') |
2424
| querySelectorAll.js:2:5:2:29 | documen ... ctorAll |
2525
| querySelectorAll.js:2:5:2:36 | documen ... ('foo') |
26+
| querySelectorAll.js:2:46:2:48 | elm |
2627
| tst.js:49:3:49:8 | window |
2728
| tst.js:50:3:50:8 | window |

0 commit comments

Comments
 (0)