JS: Use clearsContent from variable-capture output

Author: asgerf

javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll

@@ -1616,6 +1616,11 @@ predicate clearsContent(Node n, ContentSet c) {
   VariableCaptureOutput::storeStep(getClosureNode(n), _, _) and
   c = MkAnyCapturedContent()
   or
+  exists(LocalVariableOrThis v |
+    VariableCaptureOutput::clearsContent(getClosureNode(n), v) and
+    c.asSingleton().asCapturedVariable() = v
+  )
+  or
   // Block flow into the "window.location" property, as any assignment/mutation to this causes a page load and stops execution.
   // The use of clearsContent here ensures we also block assignments like `window.location.href = ...`
   exists(DataFlow::PropRef ref |