CodeQL library for C#
codeql/csharp-all 5.2.7-dev (changelog, source)
Index
Search

Module Html

Provides classes representing HTML data flow sinks.

Import path

import semmle.code.csharp.security.dataflow.flowsinks.Html

Imports

csharp

The default C# QL library.

Classes

AspNetCoreHtmlSink

An ASP.NET Core HTML sink.

AttributeCollectionSink

DEPRECATED: Attribute collections are no longer considered HTML sinks.

HtmlSink

A sink where the value of the expression may be rendered as HTML, without implicit HTML encoding.

HtmlString

An expression passed to the constructor of an HtmlString or a MvcHtmlString.

HtmlTextWriterSink

An expression that is used as an argument to an HTML sink method on HtmlTextWriter.

MicrosoftAspNetCoreMvcHtmlHelperRawSink

An expression that is used as an argument to IHtmlHelper.Raw, typically in a .cshtml file.

MicrosoftAspNetHtmlStringSink

HtmlString that may be rendered as is need to have sanitized value.

MicrosoftAspNetRazorPageWriteLiteralSink

An expression that is used as an argument to Page.WriteLiteral in ASP.NET 6.0 razor page, typically in a .cshtml file.

SetAttributeSink

An expression that is used as the second argument HtmlElement.SetAttribute.

SystemWebMvcHtmlHelperRawSink

An expression that is used as an argument to HtmlHelper.Raw, typically in a .cshtml file.

SystemWebSetterHtmlSink

An expression that is used as an argument to an HTML sink setter, on a class within the System.Web.UI namespace.

ToHtmlString

An expression that is returned from a ToHtmlString method.

WebPageWriteLiteralSink

An expression that is used as an argument to Page.WriteLiteral, typically in a .cshtml file.

WebPageWriteLiteralToSink

An expression that is used as an argument to Page.WriteLiteralTo, typically in a .cshtml file.