A flow label for values that represent the URL of the current document, and hence are only partially user-controlled.
An argument to
A sink which is used to set the window location.
A sanitizer that reads the first part a location split by “?”, e.g.
A source of remote user input, considered as a flow source for unvalidated URL redirects.
A sanitizer for unvalidated URL redirect vulnerabilities.
An expression that may be interpreted as the URL of a script.
A data flow sink for unvalidated URL redirect vulnerabilities.
A data flow source for unvalidated URL redirect vulnerabilities.
A script or iframe
An argument expression to