Module ExceptionXssQuery
Provides a taint-tracking configuration for reasoning about cross-site scripting vulnerabilities where the taint-flow passes through a thrown exception.
Import path
import semmle.javascript.security.dataflow.ExceptionXssQuery
Imports
ExceptionXss | Provides sources, sinks, and sanitizers for reasoning about cross-site scripting vulnerabilities where the taint-flow passes through a thrown exception. |
javascript | Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML. |
Predicates
canThrowSensitiveInformation | Holds if |
getCallbackErrorParam | Gets the error parameter for a callback that is supplied to the same call as |
Classes
Callback | A callback that is the last argument to some call, and the callback has the form: |
Configuration | A taint-tracking configuration for reasoning about XSS with possible exceptional flow. Flow labels are used to ensure that we only report taint-flow that has been thrown in an exception. |
Aliases
DomBasedXssCustom | |
ReflectedXssCustom | |
XssShared | Provides classes and predicates shared between the XSS queries. |