Update javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/UnsafeHtmlExpansion.js

asgerf · Napalys · web-flow · commit 92dfdc8194e6 · 2025-03-10T14:19:33.000+01:00
Co-authored-by: Napalys Klicius &lt;napalys@github.com&gt;
diff --git a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/UnsafeHtmlExpansion.js b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/UnsafeHtmlExpansion.js
@@ -32,7 +32,7 @@
 	function getExpanded() {
 		return expanded;
 	}
-	html.replace(defaultPattern, getExpanded()); // MISSING: Alert - not tracking the expansion string
+	html.replace(defaultPattern, getExpanded()); // $ MISSING: Alert - not tracking the expansion string
 	html.replace(defaultPattern, something); // OK - possibly
 	defaultPattern.match(something); // OK - possibly
 	getPattern().match(something); // OK - possibly

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@`
`32`	`32`	`function getExpanded() {`
`33`	`33`	`return expanded;`
`34`	`34`	`}`
`35`		`- html.replace(defaultPattern, getExpanded()); // MISSING: Alert - not tracking the expansion string`
	`35`	`+ html.replace(defaultPattern, getExpanded()); // $ MISSING: Alert - not tracking the expansion string`
`36`	`36`	`html.replace(defaultPattern, something); // OK - possibly`
`37`	`37`	`defaultPattern.match(something); // OK - possibly`
`38`	`38`	`getPattern().match(something); // OK - possibly`