A string-concatenation of HTML, where the result is used as an XSS sink.
Import path
import semmle.javascript.security.dataflow.UnsafeHtmlConstructionCustomizations
Direct supertypes
Indirect supertypes
Predicates
describe | Gets a string describing the transformation that this sink represents. |
Inherited predicates
accessesGlobal | Holds if this data flow node accesses the global variable | from Node |
analyze | Gets type inference results for this data flow node. | from Node |
asExpr | Gets the expression corresponding to this data flow node, if any. | from Node |
getABoundFunctionValue | Gets a function value that may reach this node, possibly derived from a partial function invocation. | from Node |
getAFunctionValue | Gets a function value that may reach this node. | from Node |
getAFunctionValue | Gets a function value that may reach this node with the given | from Node |
getALocalSource | Gets a source node from which data may flow to this node in zero or more local steps. | from Node |
getAPredecessor | Gets a data flow node from which data may flow to this node in one local step. | from Node |
getASuccessor | Gets a data flow node to which data may flow from this node in one local step. | from Node |
getAnOperand | Gets an operand of this string concatenation. | from ConcatenationNode |
getAstNode | Gets the AST node corresponding to this data flow node, if any. | from Node |
getBasicBlock | Gets the basic block to which this node belongs. | from Node |
getContainer | Gets the container in which this node occurs. | from Node |
getEnclosingExpr | Gets the expression enclosing this data flow node. In most cases the result is the same as | from Node |
getEndColumn | Gets the end column of this data flow node. | from Node |
getEndLine | Gets the end line of this data flow node. | from Node |
getFile | Gets the file this data flow node comes from. | from Node |
getFirstLeaf | Gets the first leaf in this concatenation tree. | from ConcatenationNode |
getFirstOperand | Gets the first operand of this string concatenation. | from ConcatenationNode |
getImmediatePredecessor | Gets the immediate predecessor of this node, if any. | from Node |
getIntValue | Gets the integer value of this node, if it is an integer constant. | from Node |
getLastLeaf | Gets the last leaf in this concatenation tree. | from ConcatenationNode |
getLastOperand | Gets the last operand of this string concatenation. | from ConcatenationNode |
getLocation | Gets the location of this node. | from Node |
getNextLeaf | Gets the leaf that occurs immediately after this leaf in the concatenation tree, if any. | from ConcatenationNode |
getNumOperand | Gets the number of operands of this string concatenation. | from ConcatenationNode |
getOperand | Gets the | from ConcatenationNode |
getParentConcatenation | Gets the enclosing concatenation in which this is an operand, if any. | from ConcatenationNode |
getPreviousLeaf | Gets the leaf that occurs immediately before this leaf in the concatenation tree, if any. | from ConcatenationNode |
getRoot | Gets the root of the concatenation tree in which this is an operator. | from ConcatenationNode |
getSink | Gets the XSS sink that this transformed input ends up in. | from XssSink |
getStartColumn | Gets the start column of this data flow node. | from Node |
getStartLine | Gets the start line of this data flow node. | from Node |
getStringValue | Gets the string value of this node, if it is a string literal or constant string concatenation. | from Node |
getTopLevel | Gets the toplevel in which this node occurs. | from Node |
getVulnerabilityKind | Gets the kind of vulnerability to report in the alert message. | from XssSink |
hasLocationInfo | Holds if this element is at the specified location. The location spans column | from Node |
hasUnderlyingType | Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type. | from Node |
hasUnderlyingType | Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type. | from Node |
isCoercion | Holds if this only acts as a string coercion, such as | from ConcatenationNode |
isIncomplete | Holds if the flow information for this node is incomplete. | from Node |
isLeaf | Holds if this is a leaf in the concatenation tree, that is, it is not itself a concatenation. | from ConcatenationNode |
isRoot | Holds if this is the root of a concatenation tree, that is, it is a concatenation operator that is not itself the immediate operand to another concatenation operator. | from ConcatenationNode |
mayHaveBooleanValue | Holds if this node may evaluate to the Boolean value | from Node |
mayHaveStringValue | Holds if this node may evaluate to the string | from Node |
toString | Gets a textual representation of this element. | from Node |