CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.23 (changelog, source)

Module StaticCreation

Looks for static creation of an element and source.

Import path

import semmle.javascript.security.FunctionalityFromUntrustedSource

Predicates

isCdnUrlWithCheckingRequired

Holds if url refers to a CDN that needs an integrity check, even with HTTPS.

isLocalhostPrefix

Holds if host is an alias of localhost.

isUntrustedSourceUrl

Holds if url is a URL that is vulnerable to a MITM attack.

Classes

CdnScriptElementWithUntrustedContent

A script element that refers to untrusted content.

IframeElementWithUntrustedContent

An iframe element that includes untrusted content.

ScriptElementWithUntrustedContent

A script element that refers to untrusted content.