CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.15-dev

Module XpathInjection

Import path

import semmle.javascript.security.dataflow.XpathInjectionCustomizations

Classes

DocumentUrlSource

A part of the document URL, considered as a flow source for XPath injection.

DomXpathSink

The expression argument to document.evaluate or document.createExpression, considered as a flow sink for XPath injection.

RemoteSource

A source of remote user input, considered as a flow source for XPath injection.

Sanitizer

A sanitizer for untrusted user input used in an XPath expression.

Sink

A data flow sink for untrusted user input used in an XPath expression.

Source

A data flow source for untrusted user input used in an XPath expression.

XpathParseSelectSink

The expression argument to xpath.parse or xpath.select (and similar) from the xpath or xpath.js npm packages, considered as a flow sink for XPath injection.