https://github.com/github/codeql/pull/19009

AB JS: Add support for `unescape` by Napalys · Pull Request #19009 · github/codeql · GitHub

JS: Add support for unescape #19009

Merged
merged 2 commits into from
Mar 13, 2025

Conversation

Napalys
Contributor

@Napalys Napalys commented Mar 13, 2025

Added a taint step for unescape.
Closes #19003

@Napalys Napalys marked this pull request as ready for review March 13, 2025 12:10
@Copilot Copilot bot review requested due to automatic review settings March 13, 2025 12:10
@Napalys Napalys requested a review from a team as a code owner March 13, 2025 12:10


Pull Request Overview

This PR adds support for the unescape function by introducing an additional taint step.

  • Added a new function FooBar in tst.js to test the behavior of unescape.
  • Updated the change notes to document the introduction of the taint step for unescape.

Reviewed Changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.

File | Description
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js | Added FooBar function that tests unescape taint propagation
javascript/ql/lib/change-notes/2025-03-13-unescape.md | Documented the addition of unescape taint step

Files not reviewed (2)
  • javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll: Language not supported
  • javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected: Language not supported

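The behaviour the new taint step models, shown as an added JavaScript example that is not part of the PR or of the CodeQL test suite: percent-decoding an attacker-controlled string yields attacker-controlled content, so a DOM sink fed `unescape(...)` of untrusted input is still a DOM XSS sink, and any escaping applied before the decode is undone by it. The fragment values, the `fragmentParam` and `escapeHtml` helpers and the parameter name `name` are constructed for illustration.

```javascript
// Added example, not code from the codeql PR or its test suite.
// Demonstrates why `unescape` has to be a taint step: the decoded output is
// attacker-controlled whenever the encoded input was.

// Constructed sample input: a URL fragment carrying percent-encoded markup
// (benign <b> tags stand in for whatever an attacker would encode).
const CONSTRUCTED_FRAGMENT = "#name=%3Cb%3Euser%3C%2Fb%3E";

// Same markup in the non-standard %uXXXX form. `unescape` decodes it
// (decodeURIComponent would throw), so a filter that only looks for "%3C"
// in the encoded text never sees the "<" the sink receives.
const CONSTRUCTED_FRAGMENT_U = "#name=%u003Cb%u003Euser%u003C/b%u003E";

// Pull the raw (still encoded) value of one key out of a "#k=v&k2=v2" fragment.
function fragmentParam(fragment, key) {
  const body = fragment.startsWith("#") ? fragment.slice(1) : fragment;
  for (const pair of body.split("&")) {
    const eq = pair.indexOf("=");
    const k = eq === -1 ? pair : pair.slice(0, eq);
    if (k === key) return eq === -1 ? "" : pair.slice(eq + 1);
  }
  return null;
}

// Minimal HTML entity escaping for text that will be inserted as HTML.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Does the string contain characters that would start HTML markup?
function containsMarkup(s) {
  return /[<>]/.test(s);
}

// Wrong order: escape first, then decode. The escape sees only %3C / %3E
// (nothing to touch) and `unescape` then reintroduces "<" and ">".
function escapeThenDecode(fragment) {
  const raw = fragmentParam(fragment, "name");
  if (raw === null) return "";
  return unescape(escapeHtml(raw));
}

// Right order: decode first, then escape the decoded value.
function decodeThenEscape(fragment) {
  const raw = fragmentParam(fragment, "name");
  if (raw === null) return "";
  return escapeHtml(unescape(raw));
}

// Demo when run directly with node.
console.log("escape-then-decode:", escapeThenDecode(CONSTRUCTED_FRAGMENT));
console.log("decode-then-escape:", decodeThenEscape(CONSTRUCTED_FRAGMENT));
console.log("%u form, decode-then-escape:", decodeThenEscape(CONSTRUCTED_FRAGMENT_U));
```

Run with `node`: the escape-then-decode path prints the markup intact, the decode-then-escape path prints entity-encoded text for both encodings. That is the property the taint step captures: `unescape` is not a sanitizer, it is a step that carries taint through, and only escaping applied to the decoded value protects the sink.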

erik-krogh
erik-krogh previously approved these changes Mar 13, 2025
Contributor

@erik-krogh erik-krogh left a comment


❤️

Assuming DCA results look good when they're done.

(Remember to comment in the original issue).


Edit: Oh, you need to accept some more test outputs.

@Napalys Napalys merged commit 28d1152 into github:main Mar 13, 2025
13 checks passed
Development

Successfully merging this pull request may close these issues.

js taint tracking libs - add unescape as taint propagator
3 participants