CodeQL library for JavaScript

Module ReflectedXss

Import path

import semmle.javascript.security.dataflow.ReflectedXssCustomizations

Predicates

getANonHtmlHeaderDefinition

Gets a HeaderDefinition that sets a non-HTML content type for the response sent at send.

headerAffects

Holds if a header set in header is likely to affect a response sent at sender.

isLocalHeaderDefinition

Holds if the HeaderDefinition header seems to be local. A HeaderDefinition is local if it dominates exactly one ResponseSendArgument.

nonHtmlContentTypeHeader

Holds if h may send a response with a content type other than HTML.

Classes

HttpResponseSink

An expression that is sent as part of an HTTP response, considered as an XSS sink.

Sanitizer

A sanitizer for reflected XSS vulnerabilities.

Sink

A data flow sink for reflected XSS vulnerabilities.

Source

A data flow source for reflected XSS vulnerabilities.

ThirdPartyRequestInputAccessAsSource

A third-party controllable request input, considered as a flow source for reflected XSS.
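The classes above are the module's extension points: a taint-tracking query wires Source, Sink and Sanitizer together, and a codebase-specific sanitizer is added by extending Sanitizer. The query below is an added example written for this page, not the library's own ReflectedXss.ql; it assumes the legacy TaintTracking::Configuration class API, and the query metadata and the escapeHtml helper are constructed placeholders.

```ql
/**
 * @name Reflected cross-site scripting (added example)
 * @kind path-problem
 * @problem.severity error
 * @id js/example-reflected-xss
 */

import javascript
import semmle.javascript.security.dataflow.ReflectedXssCustomizations::ReflectedXss
import DataFlow::PathGraph

// Hypothetical project-specific sanitizer: treat every call to a global
// `escapeHtml` function as a sanitizer for reflected XSS. The function name
// is an assumption for this example, not something the library knows about.
class EscapeHtmlSanitizer extends Sanitizer {
  EscapeHtmlSanitizer() { this = DataFlow::globalVarRef("escapeHtml").getACall() }
}

// Taint-tracking configuration built on the module's extension points
// (assumes the legacy TaintTracking::Configuration class API).
class ReflectedXssConfig extends TaintTracking::Configuration {
  ReflectedXssConfig() { this = "ReflectedXssConfigExample" }

  // Every Source (for example a ThirdPartyRequestInputAccessAsSource) starts a flow.
  override predicate isSource(DataFlow::Node source) { source instanceof Source }

  // Every Sink (for example an HttpResponseSink) ends a flow.
  override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

  // Keep the default sanitizers and add the module's Sanitizer class,
  // which now also covers EscapeHtmlSanitizer defined above.
  override predicate isSanitizer(DataFlow::Node node) {
    super.isSanitizer(node) or
    node instanceof Sanitizer
  }
}

from ReflectedXssConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink,
  "Reflected cross-site scripting vulnerability due to a $@.", source.getNode(),
  "user-provided value"
```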