JS: Avoid using non-existent attribute as parent

Author: asgerf

javascript/extractor/src/com/semmle/js/extractor/HTMLExtractor.java

@@ -89,18 +89,23 @@ public void handleElement(Element elt, HtmlPopulator.Context context) {
         }
       } else {
         Attributes attributes = elt.getAttributes();
+        boolean attributesAreExtracted = shouldExtractAttributes(elt);
         // attributes can be null for directives
         if (attributes != null)
           for (Attribute attr : attributes) {
             // ignore empty attributes
             if (attr.getValue() == null || attr.getValue().isEmpty()) continue;
 
+            // If attributes are not extracted we can't use the attribute as the parent node.
+            // In this case, use the enclosing element as the node.
+            Segment parentSegment = attributesAreExtracted ? attr : elt;
+
             extractTemplateTags(
                 textualExtractor,
                 attr.getSource(),
                 attr.getBegin(),
                 attr.getEnd(),
-                () -> context.getNodeLabel(attr));
+                () -> context.getNodeLabel(parentSegment));
 
             String source = attr.getValue();
             int valueStart = attr.getValueSegment().getBegin();
@@ -113,7 +118,7 @@ public void handleElement(Element elt, HtmlPopulator.Context context) {
                   source,
                   valueStart,
                   false /* isTypeScript */,
-                  context.getNodeLabel(attr));
+                  context.getNodeLabel(parentSegment));
             } else if (isAngularTemplateAttributeName(attr.getName())) {
               // For an attribute *ngFor="let var of EXPR", start parsing at EXPR
               int offset = 0;
@@ -133,7 +138,7 @@ public void handleElement(Element elt, HtmlPopulator.Context context) {
                   source,
                   valueStart + offset,
                   false /* isTypeScript */,
-                  context.getNodeLabel(attr));
+                  context.getNodeLabel(parentSegment));
             } else if (source.startsWith("javascript:")) {
               source = source.substring(11);
               extractSnippet(
@@ -144,7 +149,7 @@ public void handleElement(Element elt, HtmlPopulator.Context context) {
                   source,
                   valueStart + 11,
                   false /* isTypeScript */,
-                  context.getNodeLabel(attr));
+                  context.getNodeLabel(parentSegment));
             }
           }
       }

javascript/extractor/tests/generatedcode/output/trap/attributes.html.trap

@@ -352,42 +352,41 @@ xmlChars(#20110,"
 #20111=@"loc,{#10000},8,47,9,2"
 locations_default(#20111,#10000,8,47,9,2)
 xmllocations(#20110,#20111)
-#20112=*
-xmlElements(#20112,"div",#20098,9,#10000)
-#20113=@"loc,{#10000},8,5,8,46"
-locations_default(#20113,#10000,8,5,8,46)
-xmllocations(#20112,#20113)
-#20114=*
-xmlElements(#20114,"div",#20098,7,#10000)
-#20115=@"loc,{#10000},7,5,7,35"
-locations_default(#20115,#10000,7,5,7,35)
-xmllocations(#20114,#20115)
-#20116=*
-xmlElements(#20116,"div",#20098,5,#10000)
-#20117=@"loc,{#10000},6,5,6,31"
-locations_default(#20117,#10000,6,5,6,31)
-xmllocations(#20116,#20117)
-xmlAttrs(#20042,#20116,"foo","{{#foo}}{{/foo}}/",0,#10000)
-#20118=@"loc,{#10000},6,10,6,30"
-locations_default(#20118,#10000,6,10,6,30)
-xmllocations(#20042,#20118)
-#20119=*
-xmlElements(#20119,"div",#20098,3,#10000)
-#20120=@"loc,{#10000},5,5,5,32"
-locations_default(#20120,#10000,5,5,5,32)
-xmllocations(#20119,#20120)
-xmlAttrs(#20018,#20119,"foo","{{{foo}}}{{/foo}}/",0,#10000)
-#20121=@"loc,{#10000},5,10,5,31"
-locations_default(#20121,#10000,5,10,5,31)
-xmllocations(#20018,#20121)
-#20122=*
-xmlElements(#20122,"div",#20098,1,#10000)
-#20123=@"loc,{#10000},4,5,4,27"
-locations_default(#20123,#10000,4,5,4,27)
-xmllocations(#20122,#20123)
-xmlAttrs(#20002,#20122,"foo","{{foo}}",0,#10000)
-#20124=@"loc,{#10000},4,10,4,20"
-locations_default(#20124,#10000,4,10,4,20)
-xmllocations(#20002,#20124)
+xmlElements(#20058,"div",#20098,9,#10000)
+#20112=@"loc,{#10000},8,5,8,46"
+locations_default(#20112,#10000,8,5,8,46)
+xmllocations(#20058,#20112)
+#20113=*
+xmlElements(#20113,"div",#20098,7,#10000)
+#20114=@"loc,{#10000},7,5,7,35"
+locations_default(#20114,#10000,7,5,7,35)
+xmllocations(#20113,#20114)
+#20115=*
+xmlElements(#20115,"div",#20098,5,#10000)
+#20116=@"loc,{#10000},6,5,6,31"
+locations_default(#20116,#10000,6,5,6,31)
+xmllocations(#20115,#20116)
+xmlAttrs(#20042,#20115,"foo","{{#foo}}{{/foo}}/",0,#10000)
+#20117=@"loc,{#10000},6,10,6,30"
+locations_default(#20117,#10000,6,10,6,30)
+xmllocations(#20042,#20117)
+#20118=*
+xmlElements(#20118,"div",#20098,3,#10000)
+#20119=@"loc,{#10000},5,5,5,32"
+locations_default(#20119,#10000,5,5,5,32)
+xmllocations(#20118,#20119)
+xmlAttrs(#20018,#20118,"foo","{{{foo}}}{{/foo}}/",0,#10000)
+#20120=@"loc,{#10000},5,10,5,31"
+locations_default(#20120,#10000,5,10,5,31)
+xmllocations(#20018,#20120)
+#20121=*
+xmlElements(#20121,"div",#20098,1,#10000)
+#20122=@"loc,{#10000},4,5,4,27"
+locations_default(#20122,#10000,4,5,4,27)
+xmllocations(#20121,#20122)
+xmlAttrs(#20002,#20121,"foo","{{foo}}",0,#10000)
+#20123=@"loc,{#10000},4,10,4,20"
+locations_default(#20123,#10000,4,10,4,20)
+xmllocations(#20002,#20123)
 numlines(#10000,10,3,0)
 filetype(#10000,"html")