Module TemplateObjectInjection

Provides sources, sinks and sanitizers for reasoning about template object injection vulnerabilities.

Import path

import semmle.javascript.security.dataflow.TemplateObjectInjectionCustomizations

Contains a class with flow states that are used by multiple queries.

Holds if the “view engine” of router is set to a vulnerable templating engine.

Sanitizer	A sanitizer for template object injection vulnerabilities.
Sink	A data flow sink for template object injection vulnerabilities.
Source	A data flow source for template object injection vulnerabilities.