CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.2.1-dev (changelog, source)
Search

Module ExceptionXss

Provides sources, sinks, and sanitizers for reasoning about cross-site scripting vulnerabilities where the taint-flow passes through a thrown exception.

Import path

import semmle.javascript.security.dataflow.ExceptionXssCustomizations

Classes

NotYetThrown

A FlowLabel representing tainted data that has not been thrown in an exception. In the js/xss-through-exception query data-flow can only reach a sink after the data has been thrown as an exception, and data that has not been thrown as an exception therefore has this flow label, and only this flow label, associated with it.

Source

A data flow source for XSS caused by interpreting exception or error text as HTML.