JS: Accept test change in UnsafeHtmlConstruction

Our DOM model doesn't model 'document.implementation', and it seem we don't need to

Author: asgerf

javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected

@@ -127,6 +127,3 @@ nodes
 | typed.ts:1:39:1:39 | s | semmle.label | s |
 | typed.ts:2:29:2:29 | s | semmle.label | s |
 subpaths
-testFailures
-| typed.ts:6:56:6:66 | // $ Source | Missing result: Source |
-| typed.ts:8:55:8:131 | // $ SP ... in DOM. | Fixed spurious result: Alert |

javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/typed.ts

@@ -3,9 +3,9 @@ export function basicHtmlConstruction(s: string) { // $ Source
     document.body.innerHTML = html;
 }
 
-export function insertIntoCreatedDocument(s: string) { // $ Source
+export function insertIntoCreatedDocument(s: string) {
     const newDoc = document.implementation.createHTMLDocument("");
-    newDoc.body.innerHTML = "<span>" + s + "</span>"; // $ SPURIOUS: Alert - inserted into document disconnected from the main DOM.
+    newDoc.body.innerHTML = "<span>" + s + "</span>"; // OK - inserted into document disconnected from the main DOM.
 }
 
 export function id(s: string) {
@@ -17,4 +17,3 @@ export function notVulnerable() {
     const html = "<span>" + s + "</span>";
     document.body.innerHTML = html;
 }
-