Document code with docstrings and alert messages

Author: jeongsoolee09

javascript/frameworks/ui5/test/models/dangerous_write_to_html_content/dynamicWriteToHtmlContent.ql

@@ -1,5 +1,5 @@
-| webapp/controller/app.controller.js:18:9:18:27 | htmlControl.content | Content write to an HTML element  |
-| webapp/controller/app.controller.js:21:32:21:56 | inputRe ... Value() | Content write to an HTML element  |
-| webapp/controller/app.controller.js:30:20:30:60 | `<div>$ ... </div>` | Content write to an HTML element  |
-| webapp/controller/app.controller.js:36:32:36:56 | inputRe ... Value() | Content write to an HTML element  |
-| webapp/controller/app.controller.js:41:33:41:57 | inputRe ... Value() | Content write to an HTML element  |
+| webapp/controller/app.controller.js:18:9:18:27 | htmlControl.content | Dynamic write to content of an HTML control without the use of a binding path. |
+| webapp/controller/app.controller.js:21:32:21:56 | inputRe ... Value() | Dynamic write to content of an HTML control without the use of a binding path. |
+| webapp/controller/app.controller.js:30:20:30:60 | `<div>$ ... </div>` | Dynamic write to content of an HTML control without the use of a binding path. |
+| webapp/controller/app.controller.js:36:32:36:56 | inputRe ... Value() | Dynamic write to content of an HTML control without the use of a binding path. |
+| webapp/controller/app.controller.js:41:33:41:57 | inputRe ... Value() | Dynamic write to content of an HTML control without the use of a binding path. |

javascript/frameworks/ui5/test/models/dynamic_write_to_html_content/dynamicWriteToHtmlContent.expected

@@ -2,4 +2,4 @@ import javascript
 import advanced_security.javascript.frameworks.ui5.UI5XssQuery
 
 from DynamicallySetElementValueOfHTML htmlContent
-select htmlContent, "Content write to an HTML element "
+select htmlContent, "Dynamic write to content of an HTML control without the use of a binding path."

javascript/frameworks/ui5/test/models/dynamic_write_to_html_content/dynamicWriteToHtmlContent.ql

@@ -1,64 +1,55 @@
 sap.ui.define(
-  [
-    "sap/ui/core/mvc/Controller",
-    "sap/m/Input",
-    "sap/m/Button",
-    "sap/m/VBox",
-    "sap/ui/core/HTML",
-  ],
-  function (Controller, Input, Button, VBox, HTML) {
+  ["sap/ui/core/mvc/Controller", "sap/ui/core/HTML"],
+  function (Controller, HTML) {
     "use strict";
     return Controller.extend("codeql-sap-js.controller.app", {
       onInit: function () {
         let inputReference = this.getView().byId("unit-test-target1");
         let htmlControl = this.getView().byId("htmlControl");
 
-        /* ========== 1. Input value piped into static HTML, via a reference ========== */
+        /* ========== 1. UNSAFE: Input value piped into a reference to a static HTML, via a reference ========== */
         /* 1-1. Value directly set to `HTML.content` */
-        htmlControl.content = inputReference.getValue();
+        htmlControl.content = inputReference.getValue(); // UNSAFE: property `content` set with an input value of a reference to a static value
 
         /* 1-2. Value set by `HTML.setContent(content)` */
-        htmlControl.setContent(inputReference.getValue());
+        htmlControl.setContent(inputReference.getValue()); // UNSAFE: property `content` set with an input value of a reference to a static value
       },
 
       doSomething1: function () {
         let inputReference = this.getView().byId("unit-test-target1");
 
-        /* ========== 2. Input value piped into dynamic HTML, instantiated and placed on-demand ========== */
+        /* ========== 2. UNSAFE: Input value piped into dynamic HTML, instantiated and placed on-demand ========== */
         /* 2-1. Value passed to the argument of the constructor call */
         let htmlControl1 = new HTML({
-          content: `<div>${inputReference.getValue()}</div>`,
+          content: `<div>${inputReference.getValue()}</div>`, // UNSAFE: property `content` set with an input value, control later placed at DOM
         });
         htmlControl1.placeAt("HTMLPlaceholder");
 
         /* 2-2. Value directly set to `HTML.content` */
         let htmlControl2 = new HTML();
-        htmlControl2.content = inputReference.getValue();
+        htmlControl2.content = inputReference.getValue(); // UNSAFE: property `content` set with an input value, control later placed at DOM
         htmlControl2.placeAt("HTMLPlaceholder");
 
         /* 2-3. Value set by `HTML.setContent(content)` */
         let htmlControl3 = new HTML();
-        htmlControl3.setContent(inputReference.getValue());
+        htmlControl3.setContent(inputReference.getValue()); // UNSAFE: property `content` set with an input value, control later placed at DOM
         htmlControl3.placeAt("HTMLPlaceholder");
       },
 
       doSomething2: function () {
         let inputReference = this.getView().byId("unit-test-target1");
 
-        /* ========== 2. Input value piped into dynamic HTML, instantiated and placed on-demand ========== */
-        /* 2-1. Value passed to the argument of the constructor call */
+        /* ========== 3. SAFE: Input value piped into dynamic HTML, instantiated but not placed anywhere in the DOM ========== */
         let htmlControl1 = new HTML({
-          content: `<div>${inputReference.getValue()}</div>`,
+          content: `<div>${inputReference.getValue()}</div>`, // SAFE: property `content` set with an input value but control not placed anywhere
         });
 
-        /* 2-2. Value directly set to `HTML.content` */
         let htmlControl2 = new HTML();
-        htmlControl2.content = inputReference.getValue();
+        htmlControl2.content = inputReference.getValue(); // SAFE: property `content` set with an input value but control not placed anywhere
 
-        /* 2-3. Value set by `HTML.setContent(content)` */
         let htmlControl3 = new HTML();
-        htmlControl3.setContent(inputReference.getValue());
-      }
+        htmlControl3.setContent(inputReference.getValue()); // SAFE: property `content` set with an input value but control not placed anywhere
+      },
     });
   }
 );