CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.15-dev

Module PostMessageStar

Import path

import semmle.javascript.security.dataflow.PostMessageStarCustomizations

Predicates

anyLabel

Gets either a standard flow label or the partial-taint label.

Classes

PartiallyTaintedObject

A flow label representing an object with at least one tainted property.

PostMessageStarSink

An expression sent using postMessage without restricting the target window origin.

ProtectSanitizer

A call to any function whose name suggests that it encodes or encrypts its arguments.

Sanitizer

A sanitizer for cross-window communication with unrestricted origin.

SensitiveExprSource

A sensitive expression, viewed as a data flow source for cross-window communication with unrestricted origin.

Sink

A data flow sink for cross-window communication with unrestricted origin.

Source

A data flow source for cross-window communication with unrestricted origin.