CodeQL library for Go
codeql/go-all 2.1.3 (changelog, source)
Module SharedXss

Provides classes and predicates shared between the XSS queries.

Import path

import semmle.go.security.Xss

Classes

ErrorSanitizer

A call to http.Error writes its response with a Content-Type of text/plain, so it is not a valid XSS sink.

HtmlTemplateSanitizer

A Template from html/template will HTML-escape data automatically and therefore acts as a sanitizer for XSS vulnerabilities.

HttpResponseBodySink

An expression that is sent as part of an HTTP response body, considered as an XSS sink.

JsonMarshalSanitizer

A JSON marshaler, acting to sanitize a possible XSS vulnerability because the marshaled value is very unlikely to be returned as an HTML content-type.

MetacharEscapeSanitizer

A regexp replacement involving an HTML meta-character, or a call to an escape function, viewed as a sanitizer for XSS vulnerabilities.

RawTemplateInstantiationSink

An expression that is rendered as part of a template.

Sanitizer

A sanitizer for XSS vulnerabilities.

Sink

A data flow sink for XSS vulnerabilities.
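The Go handlers below are an added illustration, not code from the CodeQL library or its queries: they run one constructed payload through the patterns the classes above model (a raw body write as HttpResponseBodySink, and html/template, http.Error and encoding/json as HtmlTemplateSanitizer, ErrorSanitizer and JsonMarshalSanitizer) so the effect of each sanitizer on the response is visible. Handler names and the `name` query parameter are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Constructed attacker-controlled value, sent as the "name" query parameter.
const tainted = `<script>alert(1)</script>`

// Raw write of the parameter into an HTML body: an HttpResponseBodySink with no sanitizer.
func sinkHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html")
	fmt.Fprintf(w, "<p>Hello, %s</p>", r.URL.Query().Get("name"))
}

// html/template HTML-escapes the value in a text context (HtmlTemplateSanitizer).
func templateHandler(w http.ResponseWriter, r *http.Request) {
	t := template.Must(template.New("p").Parse("<p>Hello, {{.}}</p>"))
	_ = t.Execute(w, r.URL.Query().Get("name"))
}

// http.Error forces Content-Type: text/plain, so the echoed value is not parsed as HTML (ErrorSanitizer).
func errorHandler(w http.ResponseWriter, r *http.Request) {
	http.Error(w, "bad name: "+r.URL.Query().Get("name"), http.StatusBadRequest)
}

// encoding/json escapes < and > and the body is served as JSON, not HTML (JsonMarshalSanitizer).
func jsonHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	_ = json.NewEncoder(w).Encode(map[string]string{"name": r.URL.Query().Get("name")})
}

// serve runs a handler against the tainted input and returns the body and Content-Type.
func serve(h http.HandlerFunc) (body, contentType string) {
	req := httptest.NewRequest("GET", "/?name="+url.QueryEscape(tainted), nil)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Body.String(), rec.Header().Get("Content-Type")
}
func main() {
	for _, h := range []http.HandlerFunc{sinkHandler, templateHandler, errorHandler, jsonHandler} {
		body, ct := serve(h)
		fmt.Printf("%-25s %s", ct, body)
	}
}
```

Only the first handler returns the payload intact under an HTML content type; the other three change either the bytes or the content type, which is why the library treats them as sanitizers rather than sinks.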