Module SharedXss
Provides classes and predicates shared between the XSS queries.
Import path
import semmle.go.security.Xss
Classes
ErrorSanitizer | A call to http.Error, which responds with a Content-Type of text/plain and is therefore not a valid XSS sink. |
HtmlTemplateSanitizer | A |
HttpResponseBodySink | An expression that is sent as part of an HTTP response body, considered as an XSS sink. |
JsonMarshalSanitizer | A JSON marshaler, acting to sanitize a possible XSS vulnerability because the marshaled value is very unlikely to be returned with an HTML content type. |
MetacharEscapeSanitizer | A regexp replacement involving an HTML meta-character, or a call to an escape function, viewed as a sanitizer for XSS vulnerabilities. |
RawTemplateInstantiationSink | An expression that is rendered as part of a template. |
Sanitizer | A sanitizer for XSS vulnerabilities. |
Sink | A data flow sink for XSS vulnerabilities. |