@Napalys Napalys commented Mar 13, 2025

Added a taint step for unescape.
Closes #19003

@Napalys Napalys marked this pull request as ready for review March 13, 2025 12:10
Copilot AI review requested due to automatic review settings March 13, 2025 12:10
@Napalys Napalys requested a review from a team as a code owner March 13, 2025 12:10
Copilot AI left a comment

Pull Request Overview

This PR adds support for the unescape function by introducing an additional taint step.

  • Added a new function FooBar in tst.js to test the behavior of unescape.
  • Updated the change notes to document the introduction of the taint step for unescape.

Reviewed Changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js | Added FooBar function that tests unescape taint propagation |
| javascript/ql/lib/change-notes/2025-03-13-unescape.md | Documented the addition of unescape taint step |

Files not reviewed (2)
  • javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll: Language not supported
  • javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected: Language not supported


erik-krogh previously approved these changes Mar 13, 2025
@erik-krogh erik-krogh left a comment

❤️

Assuming DCA results look good when they're done.

(Remember to comment in the original issue).


Edit: Oh, you need to accept some more test outputs.

@Napalys Napalys merged commit 28d1152 into github:main Mar 13, 2025
13 checks passed
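
Why `unescape` has to propagate taint for the DOM-based XSS query, as an added example that is not code from this pull request or from the CodeQL test suite. The function names and the sample input are constructed for illustration; the code builds strings only and touches no DOM.

```javascript
// Constructed stand-in for a percent-encoded, attacker-controllable value
// read from the URL. In this form it contains no markup characters.
const taintedFragment = "%3Cb%3Ehello%3C%2Fb%3E";

// Minimal HTML encoder for text placed inside element content or attributes.
function escapeHtml(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Flagged pattern: unescape() turns %3C / %3E back into "<" / ">", so its
// result carries the taint of its argument into the HTML string.
function renderUnsafe(fragment) {
  return "<div>" + unescape(fragment) + "</div>";
}

// Wrong order: encoding before decoding finds nothing to encode, and the
// later unescape() restores the markup characters anyway.
function renderEscapeThenDecode(fragment) {
  return "<div>" + unescape(escapeHtml(fragment)) + "</div>";
}

// Corrected form: decode first, then encode immediately before the HTML sink.
function renderSafe(fragment) {
  return "<div>" + escapeHtml(unescape(fragment)) + "</div>";
}

// unescape() also accepts the legacy %uXXXX form, which decodeURIComponent()
// rejects with a URIError, so the two decoders cover different inputs.
function decodesLegacyForm(value) {
  try {
    decodeURIComponent(value);
    return { unescape: unescape(value), decodeURIComponentThrows: false };
  } catch (err) {
    return { unescape: unescape(value), decodeURIComponentThrows: err instanceof URIError };
  }
}
```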
Development

Successfully merging this pull request may close these issues.

js taint tracking libs - add unescape as taint propagator
