CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.0.1-dev (changelog, source)
Search

Module ReflectedXss

Import path

import semmle.javascript.security.dataflow.ReflectedXssCustomizations

Predicates

getAXssSafeHeaderDefinition

Gets a HeaderDefinition that defines a XSS safe content-type for send.

headerAffects

Holds if a header set in header is likely to affect a response sent at sender.

isLocalHeaderDefinition

Holds if the HeaderDefinition header seems to be local. A HeaderDefinition is local if it dominates exactly one ResponseSendArgument.

xssSafeContentTypeHeader

Holds if h may send a response with a content type that is safe for XSS.

xssUnsafeContentType

Gets a content-type that may lead to javascript code being executed in the browser. ref: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet#content-types

Classes

HttpResponseSink

An expression that is sent as part of an HTTP response, considered as an XSS sink.

Sanitizer

A sanitizer for reflected XSS vulnerabilities.

Sink

A data flow sink for reflected XSS vulnerabilities.

Source

A data flow source for reflected XSS vulnerabilities.

ThirdPartyRequestInputAccessAsSource

A third-party controllable request input, considered as a flow source for reflected XSS.