CodeQL library for JavaScript

Module DomBasedXss

Provides classes and predicates for the DOM-based XSS query.

Import path

import semmle.javascript.security.dataflow.Xss

Predicates

isOptionallySanitizedEdge

Holds if there exist two dataflow edges to succ, where one edge is sanitized and the other edge starts with pred.

isPrefixOfJQueryHtmlString

Holds if prefix is a prefix of htmlString, which may be interpreted as HTML by a jQuery method.

Classes

DangerouslySetInnerHtmlSink

A React dangerouslySetInnerHTML attribute, viewed as an XSS sink.

DomSink

An expression whose value is interpreted as HTML or CSS and may be inserted into the DOM.

EmailHtmlBodySink

The HTML body of an email, viewed as an XSS sink.

HtmlParserSink

An expression whose value is interpreted as HTML.

JQueryHtmlOrSelectorArgument

An argument to the jQuery $ function or similar, which is interpreted as either a selector or as an HTML string depending on its first character.

JQueryHtmlOrSelectorSink

An argument to the jQuery $ function or similar, which may be interpreted as HTML.

LibrarySink

An expression whose value is interpreted as HTML and may be inserted into the DOM through a library.

SafePropertyReadSanitizer

A property read from a safe property is considered a sanitizer.

Sanitizer

A sanitizer for DOM-based XSS vulnerabilities.

SanitizerGuard

A sanitizer guard for DOM-based XSS vulnerabilities.

Sink

A data flow sink for DOM-based XSS vulnerabilities.

Source

A data flow source for DOM-based XSS vulnerabilities.

VHtmlSink

A Vue v-html attribute, viewed as an XSS sink.

VueCreateElementSink

The tag name argument to the createElement parameter of the render method of a Vue instance, viewed as an XSS sink.

VueTemplateSink

A write to the template option of a Vue instance, viewed as an XSS sink.