Skip to content

Commit 0a02b16

Browse files
authored
Merge pull request #22095 from d10c/d10c/drop-bracket-style-links
Remove [[ link syntax from C# XSS sink
2 parents 4aef485 + 43cfa2f commit 0a02b16

1 file changed

Lines changed: 1 addition & 11 deletions

File tree

  • csharp/ql/lib/semmle/code/csharp/security/dataflow

csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll

Lines changed: 1 addition & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -186,13 +186,6 @@ private Expr aspWrittenValue(AspInlineMember m) {
186186
m.getMember().(Callable).canReturn(result)
187187
}
188188

189-
private string makeUrl(Location l) {
190-
exists(string path, int sl, int sc, int el, int ec |
191-
l.hasLocationInfo(path, sl, sc, el, ec) and
192-
result = "file://" + path + ":" + sl + ":" + sc + ":" + el + ":" + ec
193-
)
194-
}
195-
196189
/**
197190
* A sink for writes to properties that are accessed in ASP pages.
198191
*
@@ -208,10 +201,7 @@ private class AspxCodeSink extends Sink {
208201

209202
AspxCodeSink() { this.getExpr() = aspWrittenValue(inline) }
210203

211-
override string explanation() {
212-
result =
213-
"member is [[\"accessed inline\"|\"" + makeUrl(inline.getLocation()) + "\"]] in an ASPX page"
214-
}
204+
override string explanation() { result = "member is accessed inline in an ASPX page" }
215205
}
216206

217207
/** A sink for the output stream associated with a `HttpListenerResponse`. */

0 commit comments

Comments
 (0)