For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

Html

Module Html

Provides classes representing HTML data flow sinks.

Import path


                                import semmle.code.csharp.security.dataflow.flowsinks.Html

Imports

csharp

The default C# QL library.

Classes

AspNetCoreHtmlSink	An ASP.NET Core HTML sink.
AttributeCollectionSink	An expression that is used as an argument to an HTML sink method on `AttributeCollection`.
HtmlSink	A sink where the value of the expression may be rendered as HTML, without implicit HTML encoding.
HtmlString	An expression passed to the constructor of an `HtmlString` or a `MvcHtmlString`.
HtmlTextWriterSink	An expression that is used as an argument to an HTML sink method on `HtmlTextWriter`.
MicrosoftAspNetCoreMvcHtmlHelperRawSink	An expression that is used as an argument to `IHtmlHelper.Raw`, typically in a `.cshtml` file.
MicrosoftAspNetHtmlStringSink	`HtmlString` that may be rendered as is need to have sanitized value.
MicrosoftAspNetRazorPageWriteLiteralSink	An expression that is used as an argument to `Page.WriteLiteral` in ASP.NET 6.0 razor page, typically in a `.cshtml` file.
SetAttributeSink	An expression that is used as the second argument `HtmlElement.SetAttribute`.
SystemWebMvcHtmlHelperRawSink	An expression that is used as an argument to `HtmlHelper.Raw`, typically in a `.cshtml` file.
SystemWebSetterHtmlSink	An expression that is used as an argument to an HTML sink setter, on a class within the `System.Web.UI` namespace.
ToHtmlString	An expression that is returned from a `ToHtmlString` method.
WebPageWriteLiteralSink	An expression that is used as an argument to `Page.WriteLiteral`, typically in a `.cshtml` file.
WebPageWriteLiteralToSink	An expression that is used as an argument to `Page.WriteLiteralTo`, typically in a `.cshtml` file.