CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.12 (changelog, source)
Search

Class Vue::VHtmlAttributeStep

A taint propagating data flow edge through a string interpolation of a Vue instance property to a v-html attribute.

As an example, <div v-html="prop"/> reads the prop property of inst = new Vue({ ..., data: { prop: source } }), if the div element is part of the template for inst.

Import path

import javascript

Direct supertypes

Indirect supertypes

Predicates

viewComponentStep

Holds if predsucc should be considered a taint-propagating data flow edge through the state or props or a React component.

Inherited predicates

arrayStep

Holds if predsucc should be considered a taint-propagating data flow edge through arrays.

from SharedTaintStep
deserializeStep

Holds if predsucc should be considered a taint-propagating data flow edge through data deserialization, such as JSON.parse.

from SharedTaintStep
heapStep

Holds if predsucc should be considered a taint-propagating data flow edge through the heap.

from SharedTaintStep
heuristicStep

Holds if predsucc should be considered a taint-propagating data flow edge contributed by the heuristics library.

from SharedTaintStep
persistentStorageStep

Holds if predsucc should be considered a taint-propagating data flow edge through persistent storage.

from SharedTaintStep
promiseStep

Holds if predsucc should be considered a taint-propagating data flow edge through a promise.

from SharedTaintStep
serializeStep

Holds if predsucc should be considered a taint-propagating data flow edge through data serialization, such as JSON.stringify.

from SharedTaintStep
step

Holds if predsucc should be considered a taint-propagating data flow edge.

from SharedTaintStep
stringConcatenationStep

Holds if predsucc should be considered a taint-propagating data flow edge through string concatenation.

from SharedTaintStep
stringManipulationStep

Holds if predsucc should be considered a taint-propagating data flow edge through string manipulation (other than concatenation).

from SharedTaintStep
toString

Gets a textual representation of this element.

from Unit
uriStep

Holds if predsucc should be considered a taint-propagating data flow edge through URI manipulation.

from SharedTaintStep