CodeQL library for Go
codeql/go-all 2.1.3-dev (changelog, source)
Search

Module XNetHtml

Provides classes modeling security-relevant aspects of the golang.org/x/net/html subpackage.

Currently we support the unmarshalling aspect of this package, conducting taint from an untrusted reader to an untrusted Node tree or Tokenizer instance, as well as simple remarshalling of Nodes that were already untrusted. We do not yet model adding a child Node to a tree then calling Render yielding an untrustworthy string.

Import path

import semmle.go.frameworks.XNetHtml

Imports

go

Provides classes for working with Go programs.

Modules

XNetHtml

Provides models of commonly used functions in the golang.org/x/net/html subpackage.