We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent a76be91 commit 3922c73Copy full SHA for 3922c73
1 file changed
javascript/change-notes/2021-03-15-client-side-remote-flow-sources.md
@@ -0,0 +1,6 @@
1
+lgtm,codescanning
2
+* The security queries now distinguish more clearly between different parts of `window.locaton`.
3
+ When the taint source of an alert is based on `window.location`, the source will usually
4
+ occur closer to where user-controlled data is obtained, such as at `location.hash`.
5
+* `js/request-forgery` no longer considers client-side path parameters to be a source due to
6
+ the restricted character set usable in a path, resulting in fewer false-positive results.
0 commit comments