Abstract:
Injection attacks are some of the most serious security threats, and various techniques have been studied to prevent such attacks through program analysis. One of the typical dynamic analysis methods is Dynamic Taint Analysis (DTA), which adds a flag called taint to externally input data and detects an injection attack when these data reach a sink point where the system can be manipulated. However, DTA-based attack detection may produce many false positives and false negatives, especially in complex data flows. We consider that the high rate of false positives and negatives arises because the taint in DTA indicates whether data was controlled, not how much data was controlled. We propose Dynamic Controllability Analysis (DCA), an approach that approximates controllability by generalizing binary taint into natural numbers, indicating the extent of data control. We implemented DCA on a JavaScript runtime and evaluated the controllability computed by DCA. The evaluation results show that the controllability computed by DCA is sensitive to the presence or absence of an injection attack, yielding very low values when the system is safe and very high values when an attack is present.
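The contrast between a binary taint flag and a natural-number measure can be seen in a small sketch. This is an added example, not code from the paper: the `Tracked` class, the per-character counting rule, the `checkSink` function and its threshold are all assumptions made for illustration, since the abstract does not define how DCA computes controllability.

```javascript
// Added illustration: per-character marks are an ASSUMED stand-in for the
// paper's controllability measure, which the abstract does not define.
class Tracked {
  constructor(text, marks) {
    this.text = text;
    this.marks = marks; // marks[i] is true when character i came from outside
  }
  static literal(text) { return new Tracked(text, Array(text.length).fill(false)); }
  static external(text) { return new Tracked(text, Array(text.length).fill(true)); }
  concat(other) {
    return new Tracked(this.text + other.text, this.marks.concat(other.marks));
  }
  slice(start, end) {
    return new Tracked(this.text.slice(start, end), this.marks.slice(start, end));
  }
  // Binary taint as in DTA: was any part of the value externally controlled?
  get tainted() { return this.marks.some(Boolean); }
  // Natural-number generalization: how many characters are controlled?
  get controllability() { return this.marks.filter(Boolean).length; }
}

// Hypothetical sink check: DTA alerts on any taint, the count-based check
// alerts only above a threshold (the threshold of 4 is an assumption).
function checkSink(query, threshold = 4) {
  return {
    query: query.text,
    dtaAlert: query.tainted,
    controllability: query.controllability,
    dcaAlert: query.controllability > threshold,
  };
}

// Low-control flow: only the first character of the input reaches the sink.
function safeFlow(input) {
  const first = Tracked.external(input).slice(0, 1);
  return checkSink(Tracked.literal("SELECT * FROM t ORDER BY col").concat(first));
}

// Vulnerable flow: the whole input is spliced into a string literal.
function vulnerableFlow(input) {
  const q = Tracked.literal("SELECT * FROM t WHERE name = '")
    .concat(Tracked.external(input)).concat(Tracked.literal("'"));
  return checkSink(q);
}

const sample = "x' OR '1'='1"; // constructed input
console.log(safeFlow(sample), vulnerableFlow(sample));
```

Both flows carry taint to the sink, so a binary check alerts on each; the count separates them, with 1 controlled character in the first flow and 12 in the second.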
Date of Conference: 13-15 November 2024
Date Added to IEEE Xplore: 04 February 2025