CodeQL library for JavaScript
Search

Module ExceptionXssQuery

Provides a taint-tracking configuration for reasoning about cross-site scripting vulnerabilities where the taint-flow passes through a thrown exception.

Import path

import semmle.javascript.security.dataflow.ExceptionXssQuery

Imports

ExceptionXss

Provides sources, sinks, and sanitizers for reasoning about cross-site scripting vulnerabilities where the taint-flow passes through a thrown exception.

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

canThrowSensitiveInformation

Holds if node can possibly cause an exception containing sensitive information to be thrown.

getCallbackErrorParam

Gets the error parameter for a callback that is supplied to the same call as pred is an argument to. For example: outerCall(foo, <pred>, bar, (<result>, val) => { ... }).

Classes

Callback

A callback that is the last argument to some call, and the callback has the form: function (err, value) {if (err) {...} ... }

Configuration

A taint-tracking configuration for reasoning about XSS with possible exceptional flow. Flow labels are used to ensure that we only report taint-flow that has been thrown in an exception.

Aliases

DomBasedXssCustom
ReflectedXssCustom
XssShared

Provides classes and predicates shared between the XSS queries.