CodeQL library for C#
codeql/csharp-all 0.5.1 (changelog, source)
Search

Predicate xssFlow

Holds if there is tainted flow from source to sink that may lead to a cross-site scripting (XSS) vulnerability, with message providing a description of the source. This is the main predicate to use in XSS queries.

Import path

import semmle.code.csharp.security.dataflow.XSSQuery
predicate xssFlow(XssNode source, XssNode sink, string message)