Module UnsafeHtmlConstruction
Module containing sources, sinks, and sanitizers for unsafe HTML constructed from library input.
Import path
import semmle.javascript.security.dataflow.UnsafeHtmlConstructionCustomizations
Predicates
domBasedTaintStep |
Holds if there is a taint step from |
isUsedInXssSink |
Gets a dataflow node that flows to |
Classes
ExternalInputSource |
A parameter of an exported function, seen as a source for unsafe HTML constructed from input. |
HtmlConcatenationSink |
A string-concatenation of HTML, where the result is used as an XSS sink. |
JQueryPluginOptionsAsSource |
A jQuery plugin options object, seen as a source for unsafe HTML constructed from input. |
MarkdownSink |
A string rendered as markdown, where the rendering preserves HTML. |
Sink |
A sink for unsafe HTML constructed from library input. This sink transforms its input into a value that can cause XSS if it ends up in an XSS sink. |
Source |
A source for unsafe HTML constructed from library input. |
TypeTestGuard |
A test for the value of |
XmlParsedSink |
A string parsed as XML, which is later used in an XSS sink. |
XssSink |
A sink for |