Jorge

Results: 13 comments by Jorge

Thank you for addressing this issue! FWIW, I'd suggest using tools focused on XSS sanitization such as [DOMPurify](https://github.com/cure53/DOMPurify).

What is the reason behind `badTest[2..7]()`? Since the main problem is the fact of providing `0` to `malloc(0)`, why is the query this complex (also checking whether the returned `ptr`...

> I think this should really be 3 queries: One query for malloc'ing with a size of zero, one query for calling a noreturn'ing function and expecting it to return...

@ihsinme My last thought wasn't trying to avoid violating any rules, but to polish the contribution in an organized, basic, yet strong query. However, according to how you called the...

:wave: Friendly ping

> @jorgectf is there somewhere an explicit list with examples of issues that might be reported? I tried to browse the docs, but didn't directly find it. Yes! All queries...

👋 Sorry for missing your reply. Yes, CodeQL works under Windows and macOS-based runners. You can specify the `runs-on` label to be `windows-latest` or `macos-latest` respectively.

:wave: Friendly ping

:wave: Friendly ping