Module DynamicCreation

Looks for dyanmic creation of an element and source.

Import path

import semmle.javascript.security.FunctionalityFromUntrustedSource

getAttributeAssignmentRhs	Get the right-hand side of an assignment to a named attribute.
isAssignedToSrcAttribute	Holds if `sink` is assigned to the attribute `name` of any HTML element.
isCreateElementNode	Holds if `call` creates a tag of kind `name`.
isCreateScriptNodeWoIntegrityCheck	Holds if `createCall` creates a `<script ../>` element which never has its `integrity` attribute set locally.
urlTrackedFromUnsafeSourceLiteral	Holds a dataflow node is traked from an untrusted source.
urlTrackedFromUnsafeSourceLiteral	Holds if `t` tracks a URL that is loaded from an untrusted source.

A script or iframe element that refers to untrusted content.