Module ExceptionXssQuery

Provides a taint-tracking configuration for reasoning about cross-site scripting vulnerabilities where the taint-flow passes through a thrown exception.

Import path

import semmle.javascript.security.dataflow.ExceptionXssQuery

Imports

ExceptionXss	Provides sources, sinks, and sanitizers for reasoning about cross-site scripting vulnerabilities where the taint-flow passes through a thrown exception.
javascript	Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

canThrowSensitiveInformation	Holds if `node` can possibly cause an exception containing sensitive information to be thrown.
getCallbackErrorParam	Gets the error parameter for a callback that is supplied to the same call as `pred` is an argument to. For example: `outerCall(foo, <pred>, bar, (<result>, val) => { ... })`.

Classes

Callback	A callback that is the last argument to some call, and the callback has the form: `function (err, value) {if (err) {...} ... }`
Configuration	DEPRECATED. Use the `ExceptionXssFlow` module instead.

Modules

ExceptionXssConfig

A taint-tracking configuration for reasoning about XSS with possible exceptional flow. Flow states are used to ensure that we only report taint-flow that has been thrown in an exception.

Aliases

DomBasedXssCustom
ExceptionXssFlow	Taint-tracking for reasoning about XSS with possible exceptional flow.
ReflectedXssCustom
XssShared	Provides classes and predicates shared between the XSS queries.