CodeQL library for JavaScript

Module DOM

Provides predicates for reasoning about DOM types and methods.

Import path

import semmle.javascript.security.dataflow.DOM

Imports

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

document

Gets a reference to the ‘document’ object.

isDocument

Holds if e could refer to the document object.

isDocumentURL

Holds if e could refer to the document URL.

isDomRootType

Holds if tp is one of the roots of the DOM type hierarchy.

isDomValue

Holds if e could hold a value that comes from the DOM.

isLocation

Holds if e could refer to the location property of a DOM node.

isSafeLocationProperty

DEPRECATED. In most cases, a sanitizer based on this predicate can be removed, as taint tracking no longer steps through the properties of the location object by default.

Classes

DOMGlobalVariable

A global variable whose declared type extends a DOM root type.

DomMethodCallExpr

A call to a DOM method.

DomPropWriteNode

An assignment to a property of a DOM object.

PostMessageEventHandler

An event handler that handles postMessage events.

WebStorageWrite

A value written to web storage, like localStorage or sessionStorage.