Predicate ClientSideUrlRedirect::untrustedUrlSubstring
Holds if substring
refers to a substring of base
which is considered untrusted
when base
is the current URL.
Import path
import semmle.javascript.security.dataflow.ClientSideUrlRedirectCustomizations
predicate untrustedUrlSubstring(Node base, Node substring)