File tree Expand file tree Collapse file tree
javascript/ql/src/semmle/javascript/security/dataflow Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -28,14 +28,15 @@ module Shared {
2828 abstract class SanitizerGuard extends TaintTracking:: SanitizerGuardNode { }
2929
3030 /**
31- * A regexp replacement involving an HTML meta-character, viewed as a sanitizer for
31+ * A global regexp replacement involving an HTML meta-character, viewed as a sanitizer for
3232 * XSS vulnerabilities.
3333 *
3434 * The XSS queries do not attempt to reason about correctness or completeness of sanitizers,
3535 * so any such replacement stops taint propagation.
3636 */
3737 class MetacharEscapeSanitizer extends Sanitizer , StringReplaceCall {
3838 MetacharEscapeSanitizer ( ) {
39+ this .isGlobal ( ) and
3940 exists ( RegExpConstant c |
4041 c .getLiteral ( ) = getRegExp ( ) .asExpr ( ) and
4142 c .getValue ( ) .regexpMatch ( "['\"&<>]" )
You can’t perform that action at this time.
0 commit comments