CodeQL documentation

Replacement of a substring with itself

ID: js/identity-replacement
Kind: problem
Security severity: 5.0
Severity: warning
Precision: very-high
Tags:
   - correctness
   - security
   - external/cwe/cwe-116
Query suites:
   - javascript-code-scanning.qls
   - javascript-security-extended.qls
   - javascript-security-and-quality.qls

Replacing a substring with itself has no effect and usually indicates a mistake, such as misspelling a backslash escape.

Recommendation

Examine the string replacement to find and correct any typos.

Example

The following code snippet attempts to backslash-escape all double quotes in raw by replacing all instances of " with \":

var escaped = raw.replace(/"/g, '\"');

However, the replacement string '\"' is actually the same as '"', with \" interpreted as an identity escape, so the replacement does nothing. Instead, the replacement string should be '\\"':

var escaped = raw.replace(/"/g, '\\"');
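
The following added example (not part of the CodeQL documentation or query) runs both versions above and checks whether the result still parses as a double-quoted string. The function names and sample inputs are constructed, and `escapeForDoubleQuoted` goes one step beyond the page by escaping backslashes already in the input before escaping quotes.

```javascript
// Added illustration; function names and sample inputs are constructed.

// Buggy: '\"' is the one-character string '"', so every quote is
// replaced with itself and the input comes back unchanged.
function escapeQuotesBuggy(raw) {
  return raw.replace(/"/g, '\"');
}

// Fixed as the page recommends: '\\"' is a backslash followed by a quote.
function escapeQuotesFixed(raw) {
  return raw.replace(/"/g, '\\"');
}

// Generalization beyond the page: escape existing backslashes first, so a
// backslash already in the input cannot cancel the escape added to a quote.
function escapeForDoubleQuoted(raw) {
  return raw.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
}

// Wrap the escaped text in quotes and parse it back as a JSON string.
// Returns the decoded value, or null if the literal is malformed.
function roundTrip(escapeFn, raw) {
  try {
    return JSON.parse('"' + escapeFn(raw) + '"');
  } catch (e) {
    return null;
  }
}

const sample = 'say "hi"';     // constructed input
const tricky = 'path\\" end';  // constructed: a backslash directly before a quote

console.log('\"' === '"');                              // identity escape
console.log(escapeQuotesBuggy(sample) === sample);      // replacement was a no-op
console.log(roundTrip(escapeQuotesBuggy, sample));      // quotes end the literal early
console.log(roundTrip(escapeQuotesFixed, sample));      // decodes back to the input
console.log(roundTrip(escapeQuotesFixed, tricky));      // input backslash undoes the escape
console.log(roundTrip(escapeForDoubleQuoted, tricky));  // decodes back to the input
```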
