defunctzombie / node-url

node.js core url module as a module
MIT License

CodeQL gives "Incomplete string escaping or encoding" warning #61

Closed famibee closed 2 years ago

famibee commented 2 years ago

CodeQL gives "Incomplete string escaping or encoding" warning.

https://github.com/defunctzombie/node-url/blob/master/url.js line: 417

```
Url.prototype.format = function() {
  var auth = this.auth || '';
  if (auth) {
    auth = encodeURIComponent(auth);
    auth = auth.replace(/%3A/i, ':');
           ^^^^^^^^^^^^^^^^^^^^^^^^
    auth += '@';
  }
```

/%3A/i -> /%3A/ig

If you add the "g" flag to the regular expression, it will disappear.

ljharb commented 2 years ago

https://github.com/defunctzombie/node-url/blob/master/url.js#L417 is very intentionally trying to escape only the first colon.

CodeQL has false positives very often; this is just another one.
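
The difference between the two regular expressions discussed in this thread, as an added example (not part of the thread and not node-url's own code): formatAuth mirrors the quoted lines with the "g" flag as a switch, while parseAuth, literalColons and the sample credentials are constructed for illustration.

```javascript
// Added illustration; formatAuth, parseAuth and literalColons are
// hypothetical helpers, not functions exported by node-url.

// Mirrors the quoted lines: percent-encode the auth string, then restore
// either the first encoded colon (/%3A/i) or every one (/%3A/ig).
function formatAuth(auth, replaceAll) {
  if (!auth) return '';
  const pattern = replaceAll ? /%3A/ig : /%3A/i;
  return encodeURIComponent(auth).replace(pattern, ':') + '@';
}

// Inverse used for the round-trip check: split at the first literal
// colon, then percent-decode each half.
function parseAuth(formatted) {
  const body = formatted.replace(/@$/, '');
  const i = body.indexOf(':');
  if (i === -1) return { user: decodeURIComponent(body), password: null };
  return {
    user: decodeURIComponent(body.slice(0, i)),
    password: decodeURIComponent(body.slice(i + 1)),
  };
}

// Counts unencoded colons in a formatted userinfo string.
function literalColons(s) {
  return (s.match(/:/g) || []).length;
}

// Constructed sample: the password itself contains colons and an at sign.
const sample = 'alice:p:ss:w@rd';

const firstOnly = formatAuth(sample, false);  // current behaviour
const everyColon = formatAuth(sample, true);  // behaviour with the "g" flag

// firstOnly keeps exactly one literal colon (the user/password separator);
// the colons inside the password stay percent-encoded.
console.log(firstOnly, literalColons(firstOnly));
// everyColon exposes the password's colons as literal characters too.
console.log(everyColon, literalColons(everyColon));
// The first-only form still round-trips to the original credentials.
console.log(parseAuth(firstOnly));
```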