CodeQL library for JavaScript
codeql/javascript-all 0.7.5 ( changelog , source )
Search

Module DOM

Provides predicates for reasoning about DOM types and methods.

Import path

import semmle.javascript.security.dataflow.DOM

Imports

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

isDomNode

Holds if e could hold a value that comes from the DOM.

isDomRootType

Holds if tp is one of the roots of the DOM type hierarchy.

isDomValue

DEPRECATED: Use isDomNode instead. Holds if e could hold a value that comes from the DOM.

isLocation

DEPRECATED: Use isLocationNode instead. Holds if e could refer to the location property of a DOM node.

isLocationNode

Holds if e could refer to the location property of a DOM node.

isSafeLocationProperty

DEPRECATED. In most cases, a sanitizer based on this predicate can be removed, as taint tracking no longer step through the properties of the location object by default.

Classes

DomGlobalVariable

A global variable whose declared type extends a DOM root type.

DomMethodCallExpr

DEPRECATED: Use DomMethodCallNode instead. A call to a DOM method.

DomMethodCallNode

A call to a DOM method.

DomPropWriteNode

DEPRECATED: Use DomPropertyWrite instead. An assignment to a property of a DOM object.

DomPropertyWrite

An assignment to a property of a DOM object.

PostMessageEventHandler

An event handler that handles postMessage events.

WebStorageWrite

A value written to web storage, like localStorage or sessionStorage.