Module SharedXss
Provides classes and predicates shared between the XSS queries.
Import path
import semmle.go.security.XssClasses
| Class | Description |
| --- | --- |
| ErrorSanitizer | A call to http.Error, which responds with a Content-Type of text/plain and so is not a valid XSS sink. |
| HtmlTemplateSanitizer | A |
| HttpResponseBodySink | An expression that is sent as part of an HTTP response body, considered as an XSS sink. |
| JsonMarshalSanitizer | A JSON marshaler, treated as a sanitizer for a possible XSS vulnerability because the marshaled value is very unlikely to be returned with an HTML content type. |
| MetacharEscapeSanitizer | A regexp replacement involving an HTML meta-character, or a call to an escape function, viewed as a sanitizer for XSS vulnerabilities. |
| RawTemplateInstantiationSink | An expression that is rendered as part of a template. |
| Sanitizer | A sanitizer for XSS vulnerabilities. |
| Sink | A data flow sink for XSS vulnerabilities. |