Module UnsafeJQueryPlugin
Import path
import semmle.javascript.security.dataflow.UnsafeJQueryPluginCustomizations
Predicates
isLikelyIntentionalHtmlSink |
Holds if there exists a jQuery plugin that likely expects |
Classes
AmbiguousHtmlOrSelectorArgument |
An argument that may act as an HTML fragment rather than a CSS selector, as a sink for remote unsafe jQuery plugins. |
AmbiguousHtmlOrSelectorArgumentAsSink |
An argument that may act as an HTML fragment rather than a CSS selector, as a sink for remote unsafe jQuery plugins. |
IntentionalHtmlFragmentHint |
A hint that a value is expected to be treated as an HTML fragment later. |
IsElementSanitizer |
An expression of form |
JQueryPluginOptions |
The client-provided options object for a jQuery plugin. |
JQueryPluginOptionsAsSource |
The client-provided options object for a jQuery plugin, considered as a source for unsafe jQuery plugins. |
NumberGuard |
A guard that checks whether |
PropertyPresenceSanitizer |
An expression like |
Sanitizer |
A sanitizer for unsafe jQuery plugins. |
Sink |
A data flow sink for unsafe jQuery plugins. |
Source |
A data flow source for unsafe jQuery plugins. |