Module XpathInjectionQuery

Provides a taint-tracking configuration for reasoning about untrusted user input used in XPath expression.

Note, for performance reasons: only import this file if XpathInjection::Configuration is needed, otherwise XpathInjectionCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.XpathInjectionQuery

Imports

DOM	Provides predicates for reasoning about DOM types and methods.
XpathInjection
javascript	Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

Configuration

A taint-tracking configuration for untrusted user input used in XPath expression.