Replacement of a substring with itself

ID: js/identity-replacement
Kind: problem
Security severity: 5.0
Severity: warning
Precision: very-high
Tags:
- correctness
- security
- external/cwe/cwe-116
Query suites:
- javascript-code-scanning.qls
- javascript-security-extended.qls
- javascript-security-and-quality.qls
Replacing a substring with itself has no effect and usually indicates a mistake, such as misspelling a backslash escape.
Recommendation
Examine the string replacement to find and correct any typos.
Example
The following code snippet attempts to backslash-escape all double quotes in raw by replacing all instances of " with \":
var escaped = raw.replace(/"/g, '\"');
However, the replacement string '\"' is actually the same as '"', with \" interpreted as an identity escape, so the replacement does nothing. Instead, the replacement string should be '\\"':
var escaped = raw.replace(/"/g, '\\"');
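The following is an added example, not code from the CodeQL query or its help page: it shows the no-op at runtime and a rough source-level check in the same spirit. The names `decodeLiteral` and `findIdentityReplacements` and the sample source are hypothetical, and the check assumes a single-character regex and a plain quoted replacement literal.

```javascript
'use strict';

// Runtime view: '\"' is an identity escape, so the first call replaces " with ".
const broken = (raw) => raw.replace(/"/g, '\"');
const fixed = (raw) => raw.replace(/"/g, '\\"');

// Named escapes that change the character; any other escaped character is itself.
const NAMED = { n: '\n', t: '\t', r: '\r', b: '\b', f: '\f', v: '\v' };

// Decode a quoted literal as written in source. Returns null for escapes this
// sketch does not model (\x.., \u...., octal), so they are skipped, not guessed.
function decodeLiteral(literal) {
  let supported = true;
  const value = literal.slice(1, -1).replace(/\\(.)/g, (_, c) => {
    if (/[xu0-9]/.test(c)) supported = false;
    return c in NAMED ? NAMED[c] : c;
  });
  return supported ? value : null;
}

// .replace(/c/flags, 'literal') where the regex is one literal character,
// written bare or as a backslash followed by punctuation.
const CALL = /\.replace\(\s*\/(\\[^\w\s]|[^\\\/\[\](){}.*+?^$|\s])\/[a-z]*\s*,\s*('(?:[^'\\\n]|\\.)*'|"(?:[^"\\\n]|\\.)*")\s*\)/g;

// Report calls whose decoded replacement equals the character being matched.
function findIdentityReplacements(source) {
  const hits = [];
  for (const m of source.matchAll(CALL)) {
    const matched = m[1].length === 2 ? m[1][1] : m[1];
    if (decodeLiteral(m[2]) === matched) hits.push(m[0]);
  }
  return hits;
}

// Constructed sample source; String.raw keeps the backslashes as typed.
const SAMPLE = String.raw`
var a = raw.replace(/"/g, '\"');
var b = raw.replace(/"/g, '\\"');
var c = path.replace(/\//g, "\/");
var d = text.replace(/'/g, "\\'");
`;

console.log(broken('say "hi"') === 'say "hi"'); // input comes back unchanged
console.log(fixed('say "hi"'));                 // quotes now carry a backslash
console.log(findIdentityReplacements(SAMPLE));  // flags the calls on lines a and c
```

Because the broken call raises no error and returns valid-looking output, a unit test that asserts the escaped form of a sample string is the simplest runtime guard against this typo.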
References
Mozilla Developer Network: String escape notation.
Common Weakness Enumeration: CWE-116.