CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.2.1-dev (changelog, source)
Search

Predicate UnsafeHtmlConstruction::domBasedTaintStep

Holds if there is a taint step from pred to succ for DOM strings/nodes. These steps are mostly relevant for DOM nodes that are created by an XML parser.

Import path

import semmle.javascript.security.dataflow.UnsafeHtmlConstructionCustomizations
predicate domBasedTaintStep(Node pred, SourceNode succ)