Module UnsafeJQueryPlugin

Import path


                                import semmle.javascript.security.dataflow.UnsafeJQueryPluginCustomizations

Holds if there exists a jQuery plugin that likely expects sink to be treated as an HTML fragment.

AmbiguousHtmlOrSelectorArgument	An argument that may act as an HTML fragment rather than a CSS selector, as a sink for remote unsafe jQuery plugins.
AmbiguousHtmlOrSelectorArgumentAsSink	An argument that may act as an HTML fragment rather than a CSS selector, as a sink for remote unsafe jQuery plugins.
IntentionalHtmlFragmentHint	A hint that a value is expected to be treated as an HTML fragment later.
IsElementSanitizer	An expression of form `isElement(x)`, which sanitizes `x`.
JQueryPluginOptions	The client-provided options object for a jQuery plugin.
JQueryPluginOptionsAsSource	The client-provided options object for a jQuery plugin, considered as a source for unsafe jQuery plugins.
NumberGuard	A guard that checks whether `x` is a number.
PropertyPresenceSanitizer	An expression like `typeof x.<?> !== "undefined"` or `x.<?>`, which sanitizes `x`, as it is unlikely to be a string afterwards.
Sanitizer	A sanitizer for unsafe jQuery plugins.
Sink	A data flow sink for unsafe jQuery plugins.
Source	A data flow source for unsafe jQuery plugins.