For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

DOM

Module DOM

Provides predicates for reasoning about DOM types and methods.


                                import semmle.javascript.security.dataflow.DOM

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

isDomNode	Holds if `e` could hold a value that comes from the DOM.
isDomRootType	Holds if `tp` is one of the roots of the DOM type hierarchy.
isDomValue	DEPRECATED: Use `isDomNode` instead. Holds if `e` could hold a value that comes from the DOM.
isLocation	DEPRECATED: Use `isLocationNode` instead. Holds if `e` could refer to the `location` property of a DOM node.
isLocationNode	Holds if `e` could refer to the `location` property of a DOM node.
isSafeLocationProperty	DEPRECATED. In most cases, a sanitizer based on this predicate can be removed, as taint tracking no longer step through the properties of the location object by default.

DomGlobalVariable	A global variable whose declared type extends a DOM root type.
DomMethodCallExpr	DEPRECATED: Use `DomMethodCallNode` instead. A call to a DOM method.
DomMethodCallNode	A call to a DOM method.
DomPropWriteNode	DEPRECATED: Use `DomPropertyWrite` instead. An assignment to a property of a DOM object.
DomPropertyWrite	An assignment to a property of a DOM object.
PostMessageEventHandler	An event handler that handles `postMessage` events.
WebStorageWrite	A value written to web storage, like `localStorage` or `sessionStorage`.