CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.5.1-dev (changelog, source)
Index
Search

Module PostMessageStar

Import path

import semmle.javascript.security.dataflow.PostMessageStarCustomizations

Predicates

anyLabel

DEPRECATED. This query no longer uses flow state.

Classes

PartiallyTaintedObject

DEPRECATED. This query no longer uses flow state.

PostMessageStarSink

An expression sent using postMessage without restricting the target window origin.

ProtectSanitizer

A call to any function whose name suggests that it encodes or encrypts its arguments.

Sanitizer

A sanitizer for cross-window communication with unrestricted origin.

SensitiveExprSource

A sensitive expression, viewed as a data flow source for cross-window communication with unrestricted origin.

Sink

A data flow sink for cross-window communication with unrestricted origin.

Source

A data flow source for cross-window communication with unrestricted origin.