diff --git a/javascript/ql/test/library-tests/frameworks/ExpressValidator/Validators.expected b/javascript/ql/test/library-tests/frameworks/ExpressValidator/Validators.expected
index fbc4f3274e10..acb96bdf502f 100644
--- a/javascript/ql/test/library-tests/frameworks/ExpressValidator/Validators.expected
+++ b/javascript/ql/test/library-tests/frameworks/ExpressValidator/Validators.expected
@@ -1,10 +1,10 @@
-| src/validators.js:7:22:7:36 | query('search') | parameter | search |
-| src/validators.js:10:22:10:34 | query('type') | parameter | type |
-| src/validators.js:13:22:13:35 | query('email') | parameter | email |
-| src/validators.js:16:22:16:34 | query('type') | parameter | type |
-| src/validators.js:19:22:19:36 | query('search') | parameter | search |
-| src/validators.js:23:28:23:42 | query('search') | parameter | search |
-| src/validators.js:23:54:23:66 | query('type') | parameter | type |
-| src/validators.js:23:77:23:90 | query('email') | parameter | email |
-| src/validators.js:30:24:30:38 | query('search') | parameter | search |
-| src/validators.js:33:24:33:35 | body('name') | body | name |
+| src/validator.js:7:22:7:36 | query('search') | parameter | search |
+| src/validator.js:10:22:10:34 | query('type') | parameter | type |
+| src/validator.js:13:22:13:35 | query('email') | parameter | email |
+| src/validator.js:16:22:16:34 | query('type') | parameter | type |
+| src/validator.js:19:22:19:36 | query('search') | parameter | search |
+| src/validator.js:25:6:25:20 | query('search') | parameter | search |
+| src/validator.js:25:32:25:44 | query('type') | parameter | type |
+| src/validator.js:25:55:25:68 | query('email') | parameter | email |
+| src/validator.js:34:24:34:38 | query('search') | parameter | search |
+| src/validator.js:37:24:37:35 | body('name') | body | name |
diff --git a/javascript/ql/test/library-tests/frameworks/ExpressValidator/XSS.expected b/javascript/ql/test/library-tests/frameworks/ExpressValidator/XSS.expected index b46754fc7a2b..1c84b391a992 100644 --- a/javascript/ql/test/library-tests/frameworks/ExpressValidator/XSS.expected +++ b/javascript/ql/test/library-tests/frameworks/ExpressValidator/XSS.expected @@ -1,30 +1,98 @@ nodes -| src/validators.js:35:21:35:62 | `

Se ... !

` | -| src/validators.js:35:21:35:62 | `

Se ... !

` | -| src/validators.js:35:39:35:54 | req.query.search | -| src/validators.js:35:39:35:54 | req.query.search | -| src/validators.js:38:21:38:60 | `

Se ... !

` | -| src/validators.js:38:21:38:60 | `

Se ... !

` | -| src/validators.js:38:39:38:52 | req.query.name | -| src/validators.js:38:39:38:52 | req.query.name | -| src/validators.js:41:21:41:60 | `

Se ... !

` | -| src/validators.js:41:21:41:60 | `

Se ... !

` | -| src/validators.js:41:39:41:52 | req.query.name | -| src/validators.js:41:39:41:52 | req.query.name | +| src/validator.js:8:21:8:62 | `

Se ... !

` | +| src/validator.js:8:21:8:62 | `

Se ... !

` | +| src/validator.js:8:39:8:54 | req.query.search | +| src/validator.js:8:39:8:54 | req.query.search | +| src/validator.js:11:21:11:55 | `

Ty ... !

` | +| src/validator.js:11:21:11:55 | `

Ty ... !

` | +| src/validator.js:11:34:11:47 | req.query.type | +| src/validator.js:11:34:11:47 | req.query.type | +| src/validator.js:14:21:14:57 | `

Em ... !

` | +| src/validator.js:14:21:14:57 | `

Em ... !

` | +| src/validator.js:14:35:14:49 | req.query.email | +| src/validator.js:14:35:14:49 | req.query.email | +| src/validator.js:17:21:17:55 | `

Ty ... !

` | +| src/validator.js:17:21:17:55 | `

Ty ... !

` | +| src/validator.js:17:34:17:47 | req.query.type | +| src/validator.js:17:34:17:47 | req.query.type | +| src/validator.js:20:21:20:62 | `

Se ... !

` | +| src/validator.js:20:21:20:62 | `

Se ... !

` | +| src/validator.js:20:39:20:54 | req.query.search | +| src/validator.js:20:39:20:54 | req.query.search | +| src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:27:43:27:58 | req.query.search | +| src/validator.js:27:43:27:58 | req.query.search | +| src/validator.js:27:65:27:78 | req.query.type | +| src/validator.js:27:65:27:78 | req.query.type | +| src/validator.js:27:97:27:111 | req.query.email | +| src/validator.js:27:97:27:111 | req.query.email | +| src/validator.js:32:21:32:62 | `

Se ... !

` | +| src/validator.js:32:21:32:62 | `

Se ... !

` | +| src/validator.js:32:39:32:54 | req.query.search | +| src/validator.js:32:39:32:54 | req.query.search | +| src/validator.js:35:21:35:60 | `

Se ... !

` | +| src/validator.js:35:21:35:60 | `

Se ... !

` | +| src/validator.js:35:39:35:52 | req.query.name | +| src/validator.js:35:39:35:52 | req.query.name | +| src/validator.js:38:21:38:60 | `

Se ... !

` | +| src/validator.js:38:21:38:60 | `

Se ... !

` | +| src/validator.js:38:39:38:52 | req.query.name | +| src/validator.js:38:39:38:52 | req.query.name | edges -| src/validators.js:35:39:35:54 | req.query.search | src/validators.js:35:21:35:62 | `

Se ... !

` | -| src/validators.js:35:39:35:54 | req.query.search | src/validators.js:35:21:35:62 | `

Se ... !

` | -| src/validators.js:35:39:35:54 | req.query.search | src/validators.js:35:21:35:62 | `

Se ... !

` | -| src/validators.js:35:39:35:54 | req.query.search | src/validators.js:35:21:35:62 | `

Se ... !

` | -| src/validators.js:38:39:38:52 | req.query.name | src/validators.js:38:21:38:60 | `

Se ... !

` | -| src/validators.js:38:39:38:52 | req.query.name | src/validators.js:38:21:38:60 | `

Se ... !

` | -| src/validators.js:38:39:38:52 | req.query.name | src/validators.js:38:21:38:60 | `

Se ... !

` | -| src/validators.js:38:39:38:52 | req.query.name | src/validators.js:38:21:38:60 | `

Se ... !

` | -| src/validators.js:41:39:41:52 | req.query.name | src/validators.js:41:21:41:60 | `

Se ... !

` | -| src/validators.js:41:39:41:52 | req.query.name | src/validators.js:41:21:41:60 | `

Se ... !

` | -| src/validators.js:41:39:41:52 | req.query.name | src/validators.js:41:21:41:60 | `

Se ... !

` | -| src/validators.js:41:39:41:52 | req.query.name | src/validators.js:41:21:41:60 | `

Se ... !

` | +| src/validator.js:8:39:8:54 | req.query.search | src/validator.js:8:21:8:62 | `

Se ... !

` | +| src/validator.js:8:39:8:54 | req.query.search | src/validator.js:8:21:8:62 | `

Se ... !

` | +| src/validator.js:8:39:8:54 | req.query.search | src/validator.js:8:21:8:62 | `

Se ... !

` | +| src/validator.js:8:39:8:54 | req.query.search | src/validator.js:8:21:8:62 | `

Se ... !

` | +| src/validator.js:11:34:11:47 | req.query.type | src/validator.js:11:21:11:55 | `

Ty ... !

` | +| src/validator.js:11:34:11:47 | req.query.type | src/validator.js:11:21:11:55 | `

Ty ... !

` | +| src/validator.js:11:34:11:47 | req.query.type | src/validator.js:11:21:11:55 | `

Ty ... !

` | +| src/validator.js:11:34:11:47 | req.query.type | src/validator.js:11:21:11:55 | `

Ty ... !

` | +| src/validator.js:14:35:14:49 | req.query.email | src/validator.js:14:21:14:57 | `

Em ... !

` | +| src/validator.js:14:35:14:49 | req.query.email | src/validator.js:14:21:14:57 | `

Em ... !

` | +| src/validator.js:14:35:14:49 | req.query.email | src/validator.js:14:21:14:57 | `

Em ... !

` | +| src/validator.js:14:35:14:49 | req.query.email | src/validator.js:14:21:14:57 | `

Em ... !

` | +| src/validator.js:17:34:17:47 | req.query.type | src/validator.js:17:21:17:55 | `

Ty ... !

` | +| src/validator.js:17:34:17:47 | req.query.type | src/validator.js:17:21:17:55 | `

Ty ... !

` | +| src/validator.js:17:34:17:47 | req.query.type | src/validator.js:17:21:17:55 | `

Ty ... !

` | +| src/validator.js:17:34:17:47 | req.query.type | src/validator.js:17:21:17:55 | `

Ty ... !

` | +| src/validator.js:20:39:20:54 | req.query.search | src/validator.js:20:21:20:62 | `

Se ... !

` | +| src/validator.js:20:39:20:54 | req.query.search | src/validator.js:20:21:20:62 | `

Se ... !

` | +| src/validator.js:20:39:20:54 | req.query.search | src/validator.js:20:21:20:62 | `

Se ... !

` | +| src/validator.js:20:39:20:54 | req.query.search | src/validator.js:20:21:20:62 | `

Se ... !

` | +| src/validator.js:27:43:27:58 | req.query.search | src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:27:43:27:58 | req.query.search | src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:27:43:27:58 | req.query.search | src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:27:43:27:58 | req.query.search | src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:27:65:27:78 | req.query.type | src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:27:65:27:78 | req.query.type | src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:27:65:27:78 | req.query.type | src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:27:65:27:78 | req.query.type | src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:27:97:27:111 | req.query.email | src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:27:97:27:111 | req.query.email | src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:27:97:27:111 | req.query.email | src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:27:97:27:111 | req.query.email | src/validator.js:27:25:27:118 | `

Se ... }

` | +| src/validator.js:32:39:32:54 | req.query.search | src/validator.js:32:21:32:62 | `

Se ... !

` | +| src/validator.js:32:39:32:54 | req.query.search | src/validator.js:32:21:32:62 | `

Se ... !

` | +| src/validator.js:32:39:32:54 | req.query.search | src/validator.js:32:21:32:62 | `

Se ... !

` | +| src/validator.js:32:39:32:54 | req.query.search | src/validator.js:32:21:32:62 | `

Se ... !

` | +| src/validator.js:35:39:35:52 | req.query.name | src/validator.js:35:21:35:60 | `

Se ... !

` | +| src/validator.js:35:39:35:52 | req.query.name | src/validator.js:35:21:35:60 | `

Se ... !

` | +| src/validator.js:35:39:35:52 | req.query.name | src/validator.js:35:21:35:60 | `

Se ... !

` | +| src/validator.js:35:39:35:52 | req.query.name | src/validator.js:35:21:35:60 | `

Se ... !

` | +| src/validator.js:38:39:38:52 | req.query.name | src/validator.js:38:21:38:60 | `

Se ... !

` | +| src/validator.js:38:39:38:52 | req.query.name | src/validator.js:38:21:38:60 | `

Se ... !

` | +| src/validator.js:38:39:38:52 | req.query.name | src/validator.js:38:21:38:60 | `

Se ... !

` | +| src/validator.js:38:39:38:52 | req.query.name | src/validator.js:38:21:38:60 | `

Se ... !

` | #select -| src/validators.js:35:21:35:62 | `

Se ... !

` | src/validators.js:35:39:35:54 | req.query.search | src/validators.js:35:21:35:62 | `

Se ... !

` | Cross-site scripting vulnerability due to a $@. | src/validators.js:35:39:35:54 | req.query.search | user-provided value | -| src/validators.js:38:21:38:60 | `

Se ... !

` | src/validators.js:38:39:38:52 | req.query.name | src/validators.js:38:21:38:60 | `

Se ... !

` | Cross-site scripting vulnerability due to a $@. | src/validators.js:38:39:38:52 | req.query.name | user-provided value | -| src/validators.js:41:21:41:60 | `

Se ... !

` | src/validators.js:41:39:41:52 | req.query.name | src/validators.js:41:21:41:60 | `

Se ... !

` | Cross-site scripting vulnerability due to a $@. | src/validators.js:41:39:41:52 | req.query.name | user-provided value | +| src/validator.js:8:21:8:62 | `

Se ... !

` | src/validator.js:8:39:8:54 | req.query.search | src/validator.js:8:21:8:62 | `

Se ... !

` | Cross-site scripting vulnerability due to a $@. | src/validator.js:8:39:8:54 | req.query.search | user-provided value | +| src/validator.js:11:21:11:55 | `

Ty ... !

` | src/validator.js:11:34:11:47 | req.query.type | src/validator.js:11:21:11:55 | `

Ty ... !

` | Cross-site scripting vulnerability due to a $@. | src/validator.js:11:34:11:47 | req.query.type | user-provided value | +| src/validator.js:14:21:14:57 | `

Em ... !

` | src/validator.js:14:35:14:49 | req.query.email | src/validator.js:14:21:14:57 | `

Em ... !

` | Cross-site scripting vulnerability due to a $@. | src/validator.js:14:35:14:49 | req.query.email | user-provided value | +| src/validator.js:17:21:17:55 | `

Ty ... !

` | src/validator.js:17:34:17:47 | req.query.type | src/validator.js:17:21:17:55 | `

Ty ... !

` | Cross-site scripting vulnerability due to a $@. | src/validator.js:17:34:17:47 | req.query.type | user-provided value | +| src/validator.js:20:21:20:62 | `

Se ... !

` | src/validator.js:20:39:20:54 | req.query.search | src/validator.js:20:21:20:62 | `

Se ... !

` | Cross-site scripting vulnerability due to a $@. | src/validator.js:20:39:20:54 | req.query.search | user-provided value | +| src/validator.js:27:25:27:118 | `

Se ... }

` | src/validator.js:27:43:27:58 | req.query.search | src/validator.js:27:25:27:118 | `

Se ... }

` | Cross-site scripting vulnerability due to a $@. | src/validator.js:27:43:27:58 | req.query.search | user-provided value | +| src/validator.js:27:25:27:118 | `

Se ... }

` | src/validator.js:27:65:27:78 | req.query.type | src/validator.js:27:25:27:118 | `

Se ... }

` | Cross-site scripting vulnerability due to a $@. | src/validator.js:27:65:27:78 | req.query.type | user-provided value | +| src/validator.js:27:25:27:118 | `

Se ... }

` | src/validator.js:27:97:27:111 | req.query.email | src/validator.js:27:25:27:118 | `

Se ... }

` | Cross-site scripting vulnerability due to a $@. | src/validator.js:27:97:27:111 | req.query.email | user-provided value | +| src/validator.js:32:21:32:62 | `

Se ... !

` | src/validator.js:32:39:32:54 | req.query.search | src/validator.js:32:21:32:62 | `

Se ... !

` | Cross-site scripting vulnerability due to a $@. | src/validator.js:32:39:32:54 | req.query.search | user-provided value | +| src/validator.js:35:21:35:60 | `

Se ... !

` | src/validator.js:35:39:35:52 | req.query.name | src/validator.js:35:21:35:60 | `

Se ... !

` | Cross-site scripting vulnerability due to a $@. | src/validator.js:35:39:35:52 | req.query.name | user-provided value | +| src/validator.js:38:21:38:60 | `

Se ... !

` | src/validator.js:38:39:38:52 | req.query.name | src/validator.js:38:21:38:60 | `

Se ... !

` | Cross-site scripting vulnerability due to a $@. | src/validator.js:38:39:38:52 | req.query.name | user-provided value |
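Review bot: The new `#select` rows baseline an XSS alert at `src/validator.js` lines 8, 11, 14, 17, 20 and 27, and each of those sinks reads a query parameter for which Validators.expected lists a validator one or two lines earlier (for example `query('search')` at 7:22 and `req.query.search` at 8:39). As accepted here, the test asserts that a matching validator does not interrupt the taint flow. The output does not distinguish these six results from the three at lines 32, 35 and 38, which appear to be the alerts that were already expected and where no validator is listed for the query field being read. The test source is not part of this page, so intent cannot be confirmed from here. If the six are known false positives awaiting a sanitizer model, mark each sink in `src/validator.js` with the usual `// OK` / `// NOT OK` annotation; if they are intended, add a one-line comment there such as `// validation alone is not treated as sanitisation`.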