CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.21-dev (changelog, source)
Index
Search

Module UnsafeHtmlConstruction

Module containing sources, sinks, and sanitizers for unsafe HTML constructed from library input.

Import path

import semmle.javascript.security.dataflow.UnsafeHtmlConstructionCustomizations

Imports

CommonFlowState

Contains a class with flow states that are used by multiple queries.

Predicates

domBasedTaintStep

Holds if there is a taint step from pred to succ for DOM strings/nodes. These steps are mostly relevant for DOM nodes that are created by an XML parser.

isUsedInXssSink

Gets a dataflow node that flows to sink.

Classes

BarrierGuard

A barrier guard for unsafe HTML constructed from library input vulnerabilities.

ExternalInputSource

A parameter of an exported function, seen as a source for usnafe HTML constructed from input.

HtmlConcatenationSink

A string-concatenation of HTML, where the result is used as an XSS sink.

JQueryPluginOptionsAsSource

A jQuery plugin options object, seen as a source for unsafe HTML constructed from input.

MarkdownSink

A string rendered as markdown, where the rendering preserves HTML.

Sink

A sink for unsafe HTML constructed from library input. This sink transforms its input into a value that can cause XSS if it ends up in a XSS sink.

Source

A source for unsafe HTML constructed from library input.

TypeTestGuard

A test for the value of typeof x, restricting the potential types of x.

XmlParsedSink

A string parsed as XML, which is later used in an XSS sink.

XssSink

A sink for js/html-constructed-from-input that constructs some HTML where that HTML is later used in xssSink.