@asgerf asgerf commented Jan 13, 2026

Adds a missing endpoint to the vue-router model

@github-actions github-actions bot added the JS label Jan 13, 2026
@asgerf asgerf marked this pull request as ready for review January 14, 2026 10:07
@asgerf asgerf requested a review from a team as a code owner January 14, 2026 10:07
Copilot AI review requested due to automatic review settings January 14, 2026 10:07

Copilot AI left a comment

Pull request overview

This PR adds support for detecting taint sources in Vue Router's props configuration when it uses callback functions. The props option in Vue Router can be either a function that receives a route object, or an object where each property is a function receiving a route object. Previously, these callbacks were not modeled as sources of tainted data.

Changes:

  • Extended the Vue Router model to detect route objects passed to props callbacks
  • Added test cases covering both function-based and object-based props configurations
  • Updated test expectations to reflect the new taint sources being detected

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| javascript/ql/lib/semmle/javascript/frameworks/Vue.qll | Added two new predicates to detect route objects in props callbacks (both function and object forms) |
| javascript/ql/test/library-tests/frameworks/Vue/router.js | Added test cases for props as a function and props as an object with function values |
| javascript/ql/test/library-tests/frameworks/Vue/tests.expected | Updated expected test results with new taint sources detected from props callbacks |
| javascript/ql/src/change-notes/2026-01-13-vue-props-callbacks.md | Added release notes documenting the enhancement |
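
The two `props` callback shapes described in the review above, shown as an added example that is not part of the pull request or its test files: the `route` parameter is the source, and anything read from `route.query` or `route.params` is user-controlled when it reaches the component. The route names, `safeReturnPath`, `resolveProps`, `propsFor` and the sample route are assumptions made for illustration.

```javascript
// Added example. resolveProps() is a hypothetical stand-in for the router's
// prop resolution so the data flow runs without the vue-router package.

// Hypothetical hardening helper: accept only same-site relative paths.
function safeReturnPath(value) {
  return typeof value === 'string' && /^\/(?![\/\\])/.test(value) ? value : '/';
}

// Constructed route records in the shape Vue Router's `routes` option takes.
const routes = [
  // Function form: `route` is the source; route.query.next is user-controlled.
  { path: '/login', name: 'login-unchecked',
    props: route => ({ next: route.query.next }) },
  // Same route, with the value validated before it becomes a prop.
  { path: '/login-checked', name: 'login-checked',
    props: route => ({ next: safeReturnPath(route.query.next) }) },
  // Object form: one callback per property (keyed here by named view).
  { path: '/search/:tag', name: 'search',
    components: { default: {}, sidebar: {} },
    props: {
      default: route => ({ term: route.query.q }),
      sidebar: route => ({ tag: route.params.tag }),
    } },
];

// Call each props callback with the route object, as the router would.
function resolveProps(record, route) {
  const call = p => (typeof p === 'function' ? p(route) : p);
  if (typeof record.props === 'function') return { default: call(record.props) };
  const out = {};
  for (const [view, p] of Object.entries(record.props || {})) out[view] = call(p);
  return out;
}

function propsFor(name, route) {
  return resolveProps(routes.find(r => r.name === name), route);
}

// Constructed route object, as if parsed from the current URL.
const sampleRoute = {
  params: { tag: 'news' },
  query: { next: 'https://untrusted.example/landing', q: 'user typed text' },
};

console.log(propsFor('login-unchecked', sampleRoute)); // query value reaches the prop as-is
console.log(propsFor('login-checked', sampleRoute));   // falls back to '/'
console.log(propsFor('search', sampleRoute));          // both view callbacks see the route
```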
