1 parent 7f25c1b commit e118049Copy full SHA for e118049
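--- a/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeJQueryPlugin.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/UnsafeJQueryPlugin.qll
@@ -36,7 +36,7 @@ module UnsafeJQueryPlugin {
 // prefixing prevents forced html/css confusion:
 
 // prefixing through concatenation:
- StringConcatenation::getFirstOperand(succ) != pred
+ StringConcatenation::getOperand(succ, [1..StringConcatenation::getNumOperand(succ) - 1]) = pred
 or
 // prefixing through a poor-mans templating system:
 exists(DataFlow::MethodCallNode replace |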
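Review bot: The concatenation case now treats `pred` as prefixed whenever it sits at operand index 1 or later, but nothing visible in the hunk checks what operand 0 is. A leading operand that is an empty string, or is itself tainted, would still count as a prefix, so the flow would be blocked and the query could miss a real finding. If that is not ruled out elsewhere in the predicate (its body starts and ends outside the hunk), consider requiring the first operand to be a non-empty constant before treating the edge as sanitizing. The index range also deserves a one-line comment, for example `// operands 1..n-1 only: a tainted first operand has no prefix and must remain a flow step`.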