javascript: Add support for document.defaultView in global variable references
#20844
+17
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… references Updated the data flow analysis to include `document.defaultView` as a source node for global variable references. Added a new test file `tst4.js` and updated existing tests to verify the inclusion of `defaultView` and its properties in the expected results.
Eliav2
force-pushed
the
20823-globalVarRef-document-defaultView
branch
from
76637a9 to
bd18e86
Compare
…ropertyRead Changed the method for accessing `defaultView` from `getAPropertyReference` to `getAPropertyRead` to improve accuracy in data flow analysis for global variable references.
asgerf
previously approved these changes
Nov 17, 2025
Contributor
asgerf
left a comment
asgerf
left a comment
There was a problem hiding this comment.
Looks great! Thanks for the PR. I've started an internal evaluation of the changes and will merge if it loosk good
asgerf
reviewed
Nov 19, 2025
|
|
||
| ### Minor Analysis Improvements | ||
|
|
||
| - JavaScript `DataFlow::globalVarRef` now recognizes `document.defaultView` as an alias of `window`, allowing flows such as `document.defaultView.history.pushState(...)` to be modeled and found by queries relying on `globalVarRef("history")`. |
Contributor
There was a problem hiding this comment.
Sorry, I overlooked that this change note is in the wrong file. Files in the released directory are auto-generated during the release process.
Could you move this one directory up and rename it to 2025-11-19-default-view.md, and replace the headings with the preamble:
---
category: minorAnalysis
---
Author
There was a problem hiding this comment.
hey, no problem, done, moved to lib/change-notes/2025-11-19-default-view.md ****
Introduced a new change note detailing that `DataFlow::globalVarRef` now recognizes `document.defaultView` as an alias of `window`, enhancing the modeling of data flows involving `history` in queries.
asgerf
previously approved these changes
Nov 20, 2025
Contributor
|
The |
Eliav2
force-pushed
the
20823-globalVarRef-document-defaultView
branch
from
c35d65f to
91451b7
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updated the data flow analysis to include
document.defaultViewas a source node for global variable references. Added a new test filetst4.jsand updated existing tests to verify the inclusion ofdefaultViewand its properties in the expected results.would close this #20823