CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.6 (changelog, source)
Search

Module XpathInjectionQuery

Provides a taint-tracking configuration for reasoning about untrusted user input used in XPath expression.

Note, for performance reasons: only import this file if XpathInjection::Configuration is needed, otherwise XpathInjectionCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.XpathInjectionQuery

Imports

DOM

Provides predicates for reasoning about DOM types and methods.

XpathInjection
javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

Configuration

DEPRECATED. Use the XpathInjectionFlow module instead.

Modules

XpathInjectionConfig

A taint-tracking configuration for untrusted user input used in XPath expression.

Aliases

XpathInjectionFlow

Taint-tracking for untrusted user input used in XPath expression.