CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.3 (changelog, source)
Index
Search

Module DomBasedXss

Import path

import semmle.javascript.security.dataflow.DomBasedXssCustomizations

Imports

CommonFlowState

Contains a class with flow states that are used by multiple queries.

Predicates

isOptionallySanitizedNode

Holds if node should be considered optionally sanitized as it occurs in a branch that controls whether sanitization is enabled.

isPrefixOfJQueryHtmlString

Holds if prefix is a prefix of htmlString, which may be interpreted as HTML by a jQuery method.

prefixLabel

Gets the flow-label representing tainted values where the prefix is attacker controlled.

Classes

AngularRender2SetPropertyInnerHtmlSink2

A write to the innerHTML or outerHTML property of a DOM element, viewed as an XSS sink.

BarrierGuard

A barrier guard for any tainted value.

DangerouslySetInnerHtmlSink

A React dangerouslySetInnerHTML attribute, viewed as an XSS sink.

DomSink

An expression whose value is interpreted as HTML or CSS and may be inserted into the DOM.

EmailHtmlBodySink

The HTML body of an email, viewed as an XSS sink.

HtmlParserSink

An expression whose value is interpreted as HTML.

JQueryHtmlOrSelectorArgument

An argument to the jQuery $ function or similar, which is interpreted as either a selector or as an HTML string depending on its first character.

JQueryHtmlOrSelectorSink

An argument to the jQuery $ function or similar, which may be interpreted as HTML.

LibrarySink

An expression whose value is interpreted as HTML and may be inserted into the DOM through a library.

PrefixString

A flow-label representing tainted values where the prefix is attacker controlled.

PrefixStringSanitizer

A sanitizer that blocks the PrefixString label when the start of the string is being tested as being of a particular prefix.

RemoteFlowSourceAsSource

DEPRECATED: Use ActiveThreatModelSource from Concepts instead!

SafePipe

A value being piped into the safe pipe in a template file, disabling subsequent HTML escaping.

SafePropertyReadSanitizer

A property read from a safe property is considered a sanitizer.

Sanitizer

A sanitizer for DOM-based XSS vulnerabilities.

Sink

A data flow sink for DOM-based XSS vulnerabilities.

Source

A data flow source for DOM-based XSS vulnerabilities.

TemplateSink

A raw interpolation tag in a template file, viewed as an XSS sink.

TooltipSink

A React tooltip where the data-html attribute is set to true.

VHtmlSink

A Vue v-html attribute, viewed as an XSS sink.

VueCreateElementSink

The tag name argument to the createElement parameter of the render method of a Vue instance, viewed as an XSS sink.

VueTemplateSink

A write to the template option of a Vue instance, viewed as an XSS sink.

WriteUrlSink

A write to a URL which may execute JavaScript code.

Aliases

ClientSideUrlRedirect
isOptionallySanitizedEdge

DEPRECATED. Use isOptionallySanitizedNode instead.