
Remove [[ link syntax from C# XSS sink #22095

Open
d10c wants to merge 1 commit into github:main from d10c:d10c/drop-bracket-style-links

@d10c d10c commented Jun 30, 2026

Contributor

Remove the makeUrl() private predicate and [[ usage from AspxCodeSink.explanation() in XSSSinks.qll, replacing it with plain text. This syntax is legacy, undocumented, and about to be removed.

Remove the makeUrl predicate and the [[""|""]]] link syntax from
AspxCodeSink.explanation(), replacing with plain text.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions github-actions Bot added the C# label Jun 30, 2026
@d10c d10c marked this pull request as ready for review July 1, 2026 15:14
@d10c d10c requested a review from a team as a code owner July 1, 2026 15:14
Copilot AI review requested due to automatic review settings July 1, 2026 15:14

Copilot AI left a comment

Contributor

Pull request overview

This PR removes legacy, undocumented [[ ... | ... ]] link syntax from the C# XSS sink explanation used for ASPX inline-member sinks, simplifying the message to plain text and deleting the now-unused URL-construction helper.

Changes:

  • Deleted the private makeUrl(Location l) predicate that generated file://... URLs for the legacy link syntax.
  • Updated AspxCodeSink.explanation() to return a plain-text explanation string without [[ ... ]].
Show a summary per file

| File | Description |
| --- | --- |
| csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll | Removes legacy [[ link formatting from the ASPX inline sink explanation and deletes the helper predicate that supported it. |

Review details

  • Files reviewed: 1/1 changed files
  • Comments generated: 0
  • Review effort level: Low
