CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.22 (changelog, source)

Module FunctionalityFromUntrustedSource

Provides classes for finding functionality that is loaded from untrusted sources and used in script or frame elements.

Import path

import semmle.javascript.security.FunctionalityFromUntrustedSource

Imports

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

isCdnDomainWithCheckingRequired

Holds for hostnames defined in data extensions.

isUntrustedDomain

Holds for domains defined in data extensions.

isUntrustedHostname

Holds if hostname refers to a domain or subdomain that is untrusted.

isUrlWithUntrustedDomain

Holds if url refers to a URL that uses an untrusted domain.

Classes

AddsUntrustedUrl

A location that adds a reference to an untrusted source.

Modules

DynamicCreation

Looks for dynamic creation of an element and source.

StaticCreation

Looks for static creation of an element and source.