CodeQL library for JavaScript
Search

Module StoredXss

Provides default sources, sinks and sanitizers for reasoning about stored cross-site scripting vulnerabilities.

Import path

import semmle.javascript.security.dataflow.StoredXssCustomizations

Classes

FileNameSourceAsSource

A file name, considered as a flow source for stored XSS.

Sanitizer

A sanitizer for stored XSS vulnerabilities.

Sink

A data flow sink for stored XSS vulnerabilities.

Source

A data flow source for stored XSS vulnerabilities.

UserControlledTorrentInfoAsSource

An instance of user-controlled torrent information, considered as a flow source for stored XSS.