documented getSelectionCall

Author: bananabr

javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll

@@ -219,7 +219,7 @@ module XssThroughDom {
 
 
   /**
-   * A source for text from the DOM from a Selection object toString method call
+   * A call to window.getSelection
    * https://developer.mozilla.org/en-US/docs/Web/API/Selection
    */
   DataFlow::SourceNode getSelectionCall(DataFlow::TypeTracker t) {
@@ -233,6 +233,10 @@ module XssThroughDom {
     exists(DataFlow::TypeTracker t2 | result = getSelectionCall(t2).track(t2, t))
   }
 
+  /**
+   * A source for text from the DOM from a Selection object toString method call
+   * https://developer.mozilla.org/en-US/docs/Web/API/Selection
+   */
   class SelectionSource extends Source {
     SelectionSource() {
       this = getSelectionCall(DataFlow::TypeTracker::end()).getAMethodCall("toString")