CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.14 (changelog, source)
Index
Search

Module IncompleteHtmlAttributeSanitization

Import path

import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationCustomizations

Classes

EncodingSanitizer

An encoder for potentially malicious characters, as a sanitizer for incomplete HTML sanitization vulnerabilities.

FlowState

A flow state to associate with a tracked value.

HtmlAttributeConcatenation

A concatenation that syntactically looks like a definition of an HTML attribute.

HtmlAttributeConcatenationAsSink

A concatenation that syntactically looks like a definition of an HTML attribute, as a sink for incomplete HTML sanitization vulnerabilities.

IncompleteHtmlSanitizerAsSource

A source of incompletely sanitized characters, considered as a flow source for incomplete HTML sanitization vulnerabilities.

Sanitizer

A sanitizer for incomplete HTML sanitization vulnerabilities.

Sink

A data flow sink for incomplete HTML sanitization vulnerabilities.

Source

A data flow source for incomplete HTML sanitization vulnerabilities.

Modules

FlowState

Predicates for working with flow states.