advanced-security · mbaluda · Feb 25, 2026 · Feb 25, 2026
diff --git a/javascript/frameworks/ui5/ext/ui5.model.yml b/javascript/frameworks/ui5/ext/ui5.model.yml
@@ -115,7 +115,6 @@ extensions:
     data:
       - ["UI5InputControl", "Member[value]", "remote"]
       - ["UI5InputControl", "Member[getValue].ReturnValue", "remote"]
-      - ["UI5HTMLControl", "Member[getContent].ReturnValue", "remote"]
       - ["UI5CodeEditor", "Member[value]", "remote"]
       - ["UI5CodeEditor", "Member[getCurrentValue].ReturnValue", "remote"]
       - ["global", "Member[jQuery].Member[sap].Member[syncHead,syncGet,syncGetText,syncPost,syncPostText].ReturnValue", "remote"]

diff --git a/javascript/frameworks/ui5/test/queries/RequestForgery/CSRF.expected b/javascript/frameworks/ui5/test/queries/RequestForgery/CSRF.expected
@@ -0,0 +1,4 @@
+edges
+nodes
+subpaths
+#select
diff --git a/javascript/frameworks/ui5/test/queries/RequestForgery/CSRF.qlref b/javascript/frameworks/ui5/test/queries/RequestForgery/CSRF.qlref
@@ -0,0 +1 @@
+Security/CWE-918/ClientSideRequestForgery.ql
diff --git a/javascript/frameworks/ui5/test/queries/RequestForgery/SSRF.expected b/javascript/frameworks/ui5/test/queries/RequestForgery/SSRF.expected
@@ -0,0 +1,4 @@
+edges
+nodes
+subpaths
+#select
diff --git a/javascript/frameworks/ui5/test/queries/RequestForgery/SSRF.qlref b/javascript/frameworks/ui5/test/queries/RequestForgery/SSRF.qlref
@@ -0,0 +1 @@
+Security/CWE-918/RequestForgery.ql
diff --git a/javascript/frameworks/ui5/test/queries/RequestForgery/test.js b/javascript/frameworks/ui5/test/queries/RequestForgery/test.js
@@ -0,0 +1,6 @@
+import request from 'request';
+$(document).ready(function () {
+    var request = new XMLHttpRequest();
+    var url = jQuery.sap.GetUriParameters().get("url");
+    request.open("GET", url, false);
+});
diff --git a/javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/UI5Xss.expected b/javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/UI5Xss.expected
@@ -18,5 +18,4 @@ edges
 #select
 | webapp/controller/app.controller.js:16:35:16:62 | oModel. ... input') | webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:16:35:16:62 | oModel. ... input') | XSS vulnerability due to $@. | webapp/view/app.view.xml:5:5:7:28 | value={/input} | user-provided value |
 | webapp/controller/app.controller.js:19:36:19:63 | oModel. ... input') | webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:19:36:19:63 | oModel. ... input') | XSS vulnerability due to $@. | webapp/view/app.view.xml:5:5:7:28 | value={/input} | user-provided value |
-| webapp/controller/app.controller.js:20:35:20:58 | unsanit ... ntent() | webapp/controller/app.controller.js:20:35:20:58 | unsanit ... ntent() | webapp/controller/app.controller.js:20:35:20:58 | unsanit ... ntent() | XSS vulnerability due to $@. | webapp/controller/app.controller.js:20:35:20:58 | unsanit ... ntent() | user-provided value |
 | webapp/controller/app.controller.js:20:35:20:58 | unsanit ... ntent() | webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:20:35:20:58 | unsanit ... ntent() | XSS vulnerability due to $@. | webapp/view/app.view.xml:5:5:7:28 | value={/input} | user-provided value |