CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.0.2 (changelog, source)
Search

Module DomBasedXssQuery

Provides a taint-tracking configuration for reasoning about DOM-based cross-site scripting vulnerabilities.

Import path

import semmle.javascript.security.dataflow.DomBasedXssQuery

Imports

DomBasedXss
javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

Configuration

A taint-tracking configuration for reasoning about XSS. Both ordinary HTML sinks, URL sinks, and JQuery selector based sinks. - HTML sinks are sinks for any tainted value - URL sinks are only sinks when the scheme is user controlled - JQuery selector sinks are sinks when the tainted value can start with <.

HtmlSink

A sink that is not a URL write or a JQuery selector, assumed to be a value that is interpreted as HTML.