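# Bambuddy JavaScript Security & Quality Suite
#
# Extends the standard javascript-security-and-quality suite,
# excluding false positives documented below.

- description: "Bambuddy JavaScript security and quality"

# `from` is a key of the import instruction, so it is nested under it.
- import: codeql-suites/javascript-security-and-quality.qls
  from: codeql/javascript-queries

# XSS through DOM (2): False positives —
#   1. coverage/sorter.js: generated Istanbul coverage report, not our code
#   2. TimelapseEditorModal.tsx: URL.createObjectURL(file) creates a safe
#      blob: URL used as <audio src>, not HTML content injection
#
# NOTE(review): a suite-level exclude filters on query metadata, not on the
# analysed source path, so this drops js/xss-through-dom for the whole
# codebase, not only the two files above. New DOM-XSS findings in other
# files will not be reported while it is in place.
# Narrower options to consider: keep generated output (coverage/) out of
# analysis with `paths-ignore` in the code scanning configuration, and
# dismiss the remaining alert as a false positive so the query stays on.
# Re-check this exclusion whenever either file listed above changes.
- exclude:
    id: js/xss-through-dom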