Module UnsafeHtmlConstruction

Module containing sources, sinks, and sanitizers for unsafe HTML constructed from library input.

Import path


                                import semmle.javascript.security.dataflow.UnsafeHtmlConstructionCustomizations

domBasedTaintStep	Holds if there is a taint step from `pred` to `succ` for DOM strings/nodes. These steps are mostly relevant for DOM nodes that are created by an XML parser.
isUsedInXssSink	Gets a dataflow node that flows to `sink`.

ExternalInputSource	A parameter of an exported function, seen as a source for usnafe HTML constructed from input.
HtmlConcatenationSink	A string-concatenation of HTML, where the result is used as an XSS sink.
JQueryPluginOptionsAsSource	A jQuery plugin options object, seen as a source for unsafe HTML constructed from input.
MarkdownSink	A string rendered as markdown, where the rendering preserves HTML.
Sink	A sink for unsafe HTML constructed from library input. This sink transforms its input into a value that can cause XSS if it ends up in a XSS sink.
Source	A source for unsafe HTML constructed from library input.
TypeTestGuard	A test for the value of `typeof x`, restricting the potential types of `x`.
XmlParsedSink	A string parsed as XML, which is later used in an XSS sink.
XssSink	A sink for `js/html-constructed-from-input` that constructs some HTML where that HTML is later used in `xssSink`.