- Fixed a bug, first introduced in
2.20.3, that would preventv-htmlattributes in Vue files from being flagged by thejs/xssquery. The original behaviour has been restored and thev-htmlattribute is once again functioning as a sink for thejs/xssquery. - Fixed a bug that would in rare cases cause some regexp-based checks to be seen as generic taint sanitisers, even though the underlying regexp is not restrictive enough. The regexps are now analysed more precisely, and unrestrictive regexp checks will no longer block taint flow.
- Fixed a recently-introduced bug that caused
js/server-side-unvalidated-url-redirectionto ignore valid hostname checks and report spurious alerts after such a check. The original behaviour has been restored.