CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.14

Module IncompleteHtmlAttributeSanitization

Import path

import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationCustomizations

Classes

EncodingSanitizer

An encoder for potentially malicious characters, as a sanitizer for incomplete HTML sanitization vulnerabilities.

HtmlAttributeConcatenation

A concatenation that syntactically looks like a definition of an HTML attribute.

HtmlAttributeConcatenationAsSink

A concatenation that syntactically looks like a definition of an HTML attribute, as a sink for incomplete HTML sanitization vulnerabilities.

IncompleteHtmlSanitizerAsSource

A source of incompletely sanitized characters, considered as a flow source for incomplete HTML sanitization vulnerabilities.

Sanitizer

A sanitizer for incomplete HTML sanitization vulnerabilities.

Sink

A data flow sink for incomplete HTML sanitization vulnerabilities.

Source

A data flow source for incomplete HTML sanitization vulnerabilities.