From b07e801c106b0824e7df3daee127a645cf7674c0 Mon Sep 17 00:00:00 2001
From: aegilops <41705651+aegilops@users.noreply.github.com>
Date: Thu, 9 Jan 2025 18:02:45 +0000
Subject: [PATCH] Add new test for new XSS sink, update `expected` to match

---
 .../Security/CWE-079/DomBasedXss/Xss.expected | 240 +++++++++---------
 .../XssWithAdditionalSources.expected | 211 +++++++--------
 .../CWE-079/DomBasedXss/angular2-client.ts | 7 +-
 3 files changed, 244 insertions(+), 214 deletions(-)

diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
index 9b764729c99d..e1308043db9e 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
@@ -25,67 +25,73 @@ nodes | addEventListener.js:12:24:12:33 | event.data | | addEventListener.js:12:24:12:33 | event.data | | addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... 
('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | +| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... 
().href | +| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | +| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | +| angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | +| angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:28:44:28:71 | this.ro ... ragment | +| angular2-client.ts:28:44:28:71 | this.ro ... ragment | +| angular2-client.ts:28:44:28:71 | this.ro ... ragment | +| angular2-client.ts:28:44:28:71 | this.ro ... ragment | +| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | +| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | +| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | +| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | +| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | +| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | +| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | +| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | +| angular2-client.ts:32:46:32:59 | map.get('foo') | +| angular2-client.ts:32:46:32:59 | map.get('foo') | +| angular2-client.ts:32:46:32:59 | map.get('foo') | +| angular2-client.ts:32:46:32:59 | map.get('foo') | +| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | +| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | +| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | +| angular2-client.ts:35:44:35:74 | this.ro ... 
1].path | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | +| angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | +| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | +| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | +| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | +| angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:40:44:40:58 | this.router.url | +| angular2-client.ts:40:44:40:58 | this.router.url | +| angular2-client.ts:40:44:40:58 | this.router.url | +| angular2-client.ts:42:45:42:59 | this.router.url | +| angular2-client.ts:42:45:42:59 | this.router.url | +| angular2-client.ts:42:45:42:59 | this.router.url | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | +| angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | +| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | +| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | +| angular2-client.ts:47:44:47:76 | routeSn ... 
('foo') | | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | | angular-tempate-url.js:13:30:13:31 | ev | 
@@ -1249,44 +1255,51 @@ edges | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... 
ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... 
.params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | +| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... 
ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:28:44:28:71 | this.ro ... ragment | angular2-client.ts:28:44:28:71 | this.ro ... ragment | +| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | +| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | +| angular2-client.ts:32:46:32:59 | map.get('foo') | angular2-client.ts:32:46:32:59 | map.get('foo') | +| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | angular2-client.ts:35:44:35:74 | this.ro ... 1].path | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | angular2-client.ts:37:44:37:91 | this.ro ... et('x') | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:89 | this.ro ... 
.params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:40:44:40:58 | this.router.url | angular2-client.ts:40:44:40:58 | this.router.url | +| angular2-client.ts:42:45:42:59 | this.router.url | angular2-client.ts:42:45:42:59 | this.router.url | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | angular2-client.ts:47:44:47:76 | routeSn ... 
('foo') | | angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:14:26:14:27 | ev | | angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:14:26:14:27 | ev | | angular-tempate-url.js:14:26:14:27 | ev | angular-tempate-url.js:14:26:14:32 | ev.data | 
@@ -2415,20 +2428,21 @@ edges | addEventListener.js:2:20:2:29 | event.data | addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:29 | event.data | Cross-site scripting vulnerability due to $@. | addEventListener.js:1:43:1:47 | event | user-provided value | | addEventListener.js:6:20:6:23 | data | addEventListener.js:5:43:5:48 | {data} | addEventListener.js:6:20:6:23 | data | Cross-site scripting vulnerability due to $@. | addEventListener.js:5:43:5:48 | {data} | user-provided value | | addEventListener.js:12:24:12:33 | event.data | addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:33 | event.data | Cross-site scripting vulnerability due to $@. | addEventListener.js:10:21:10:25 | event | user-provided value | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | Cross-site scripting vulnerability due to $@. | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | user-provided value | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:24:44:24:69 | this.ro ... .params | user-provided value | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:25:44:25:74 | this.ro ... yParams | user-provided value | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment | Cross-site scripting vulnerability due to $@. | angular2-client.ts:26:44:26:71 | this.ro ... ragment | user-provided value | -| angular2-client.ts:27:44:27:82 | this.ro ... 
('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | user-provided value | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | user-provided value | -| angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:30:46:30:59 | map.get('foo') | user-provided value | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | Cross-site scripting vulnerability due to $@. | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | user-provided value | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | Cross-site scripting vulnerability due to $@. | angular2-client.ts:34:44:34:80 | this.ro ... ameters | user-provided value | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | user-provided value | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | Cross-site scripting vulnerability due to $@. | angular2-client.ts:36:44:36:89 | this.ro ... 
.params | user-provided value | -| angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | Cross-site scripting vulnerability due to $@. | angular2-client.ts:38:44:38:58 | this.router.url | user-provided value | -| angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | Cross-site scripting vulnerability due to $@. | angular2-client.ts:40:45:40:59 | this.router.url | user-provided value | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | user-provided value | +| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | Cross-site scripting vulnerability due to $@. | angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | user-provided value | +| angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:26:44:26:69 | this.ro ... .params | user-provided value | +| angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:27:44:27:74 | this.ro ... yParams | user-provided value | +| angular2-client.ts:28:44:28:71 | this.ro ... ragment | angular2-client.ts:28:44:28:71 | this.ro ... ragment | angular2-client.ts:28:44:28:71 | this.ro ... ragment | Cross-site scripting vulnerability due to $@. 
| angular2-client.ts:28:44:28:71 | this.ro ... ragment | user-provided value | +| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | user-provided value | +| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | user-provided value | +| angular2-client.ts:32:46:32:59 | map.get('foo') | angular2-client.ts:32:46:32:59 | map.get('foo') | angular2-client.ts:32:46:32:59 | map.get('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:32:46:32:59 | map.get('foo') | user-provided value | +| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | angular2-client.ts:35:44:35:74 | this.ro ... 1].path | angular2-client.ts:35:44:35:74 | this.ro ... 1].path | Cross-site scripting vulnerability due to $@. | angular2-client.ts:35:44:35:74 | this.ro ... 1].path | user-provided value | +| angular2-client.ts:36:44:36:82 | this.ro ... eters.x | angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | Cross-site scripting vulnerability due to $@. | angular2-client.ts:36:44:36:80 | this.ro ... ameters | user-provided value | +| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | angular2-client.ts:37:44:37:91 | this.ro ... et('x') | angular2-client.ts:37:44:37:91 | this.ro ... et('x') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:37:44:37:91 | this.ro ... et('x') | user-provided value | +| angular2-client.ts:38:44:38:91 | this.ro ... arams.x | angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... 
arams.x | Cross-site scripting vulnerability due to $@. | angular2-client.ts:38:44:38:89 | this.ro ... .params | user-provided value | +| angular2-client.ts:40:44:40:58 | this.router.url | angular2-client.ts:40:44:40:58 | this.router.url | angular2-client.ts:40:44:40:58 | this.router.url | Cross-site scripting vulnerability due to $@. | angular2-client.ts:40:44:40:58 | this.router.url | user-provided value | +| angular2-client.ts:42:45:42:59 | this.router.url | angular2-client.ts:42:45:42:59 | this.router.url | angular2-client.ts:42:45:42:59 | this.router.url | Cross-site scripting vulnerability due to $@. | angular2-client.ts:42:45:42:59 | this.router.url | user-provided value | +| angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | Cross-site scripting vulnerability due to $@. | angular2-client.ts:43:75:43:105 | this.ro ... yParams | user-provided value | +| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | Cross-site scripting vulnerability due to $@. | angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | user-provided value | | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | Cross-site scripting vulnerability due to $@. | angular-tempate-url.js:13:30:13:31 | ev | user-provided value | | classnames.js:7:31:7:84 | `` | classnames.js:7:58:7:68 | window.name | classnames.js:7:31:7:84 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:7:58:7:68 | window.name | user-provided value | | classnames.js:8:31:8:85 | `` | classnames.js:8:59:8:69 | window.name | classnames.js:8:31:8:85 | `` | Cross-site scripting vulnerability due to $@. | classnames.js:8:59:8:69 | window.name | user-provided value | 
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
index 185cae0d2d30..3d968b9022a6 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
@@ -25,67 +25,73 @@ nodes | addEventListener.js:12:24:12:33 | event.data | | addEventListener.js:12:24:12:33 | event.data | | addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... 
('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | +| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... 
().href | +| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | +| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | +| angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | +| angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:28:44:28:71 | this.ro ... ragment | +| angular2-client.ts:28:44:28:71 | this.ro ... ragment | +| angular2-client.ts:28:44:28:71 | this.ro ... ragment | +| angular2-client.ts:28:44:28:71 | this.ro ... ragment | +| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | +| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | +| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | +| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | +| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | +| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | +| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | +| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | +| angular2-client.ts:32:46:32:59 | map.get('foo') | +| angular2-client.ts:32:46:32:59 | map.get('foo') | +| angular2-client.ts:32:46:32:59 | map.get('foo') | +| angular2-client.ts:32:46:32:59 | map.get('foo') | +| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | +| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | +| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | +| angular2-client.ts:35:44:35:74 | this.ro ... 
1].path | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | +| angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | +| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | +| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | +| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | +| angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:40:44:40:58 | this.router.url | +| angular2-client.ts:40:44:40:58 | this.router.url | +| angular2-client.ts:40:44:40:58 | this.router.url | +| angular2-client.ts:42:45:42:59 | this.router.url | +| angular2-client.ts:42:45:42:59 | this.router.url | +| angular2-client.ts:42:45:42:59 | this.router.url | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | +| angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | +| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | +| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | +| angular2-client.ts:47:44:47:76 | routeSn ... 
('foo') | | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | | angular-tempate-url.js:13:30:13:31 | ev | 
@@ -1299,44 +1305,51 @@ edges | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | | addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... 
ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... 
.params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | +| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... 
ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | +| angular2-client.ts:28:44:28:71 | this.ro ... ragment | angular2-client.ts:28:44:28:71 | this.ro ... ragment | +| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | +| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | +| angular2-client.ts:32:46:32:59 | map.get('foo') | angular2-client.ts:32:46:32:59 | map.get('foo') | +| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | angular2-client.ts:35:44:35:74 | this.ro ... 1].path | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | +| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | angular2-client.ts:37:44:37:91 | this.ro ... et('x') | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:89 | this.ro ... 
.params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | +| angular2-client.ts:40:44:40:58 | this.router.url | angular2-client.ts:40:44:40:58 | this.router.url | +| angular2-client.ts:42:45:42:59 | this.router.url | angular2-client.ts:42:45:42:59 | this.router.url | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | +| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | angular2-client.ts:47:44:47:76 | routeSn ... 
('foo') |
 | angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:14:26:14:27 | ev |
 | angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:14:26:14:27 | ev |
 | angular-tempate-url.js:14:26:14:27 | ev | angular-tempate-url.js:14:26:14:32 | ev.data |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular2-client.ts b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular2-client.ts
index 734a06da3bc1..6d1823c2f601 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular2-client.ts
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular2-client.ts
@@ -1,4 +1,4 @@
-import { Component, OnInit, DomSanitizer as DomSanitizer2 } from '@angular/core';
+import { Component, OnInit, DomSanitizer as DomSanitizer2, Renderer2, Inject } from '@angular/core';
 import { ɵgetDOM } from '@angular/common';
 import { ActivatedRoute, ActivatedRouteSnapshot, Router } from '@angular/router';
 import { DomSanitizer } from '@angular/platform-browser';
@@ -15,7 +15,9 @@ export class AppComponent implements OnInit {
 private route: ActivatedRoute,
 private sanitizer: DomSanitizer,
 private router: Router,
- private sanitizer2: DomSanitizer2
+ private sanitizer2: DomSanitizer2,
+ private renderer: Renderer2,
+ @Inject(DOCUMENT) private document: Document
 ) {}

 ngOnInit() {
@@ -38,6 +40,7 @@ export class AppComponent implements OnInit {
 this.sanitizer.bypassSecurityTrustHtml(this.router.url); // NOT OK

 this.sanitizer2.bypassSecurityTrustHtml(this.router.url); // NOT OK
+ this.renderer.setProperty(this.document.documentElement, 'innerHTML', this.route.snapshot.queryParams.foo); // NOT OK
 }

 someMethod(routeSnapshot: ActivatedRouteSnapshot) {
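Review bot: `DOCUMENT` is referenced by the new constructor parameter `@Inject(DOCUMENT) private document: Document` in the `@@ -15,7 +15,9 @@` hunk but is never imported; the `@@ -1,4 +1,4 @@` hunk adds only `Renderer2, Inject` to the '@angular/core' import, and the `DOCUMENT` injection token lives in '@angular/common'. Changing the existing context line to `import { ɵgetDOM, DOCUMENT } from '@angular/common';` would make the fixture self-consistent. Since this is a CodeQL test file that is extracted rather than compiled, the unresolved identifier probably does not break the test run, but it may change how `this.document` is resolved during extraction and it is a misleading example for anyone copying the snippet.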
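Review bot: The new `// NOT OK` line in the `@@ -38,6 +40,7 @@` hunk exercises only the `'innerHTML'` property of `Renderer2.setProperty`, and no `// OK` counterpart is added, so the updated expected output cannot tell a sink model keyed on the property name apart from one that flags every `setProperty` call. A negative case next to it, such as `this.renderer.setProperty(this.document.documentElement, 'textContent', this.route.snapshot.queryParams.foo); // OK`, would pin that the query stays precise; whether the model actually discriminates on the property name is not visible in this diff. The enclosing `ngOnInit` body starts outside the hunk.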