CodeQL library for JavaScript
codeql/javascript-all 0.3.4 (changelog, source)
Search

Predicate ClientSideUrlRedirect::untrustedUrlSubstring

Holds if substring refers to a substring of base which is considered untrusted when base is the current URL.

Import path

import semmle.javascript.security.dataflow.ClientSideUrlRedirectCustomizations
predicate untrustedUrlSubstring(Node base, Node substring)