CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.0.1-dev (changelog, source)
Search

Predicate ClientSideUrlRedirect::untrustedUrlSubstring

Holds if substring refers to a substring of base which is considered untrusted when base is the current URL.

Import path

import semmle.javascript.security.dataflow.ClientSideUrlRedirectCustomizations
predicate untrustedUrlSubstring(Node base, Node substring)