Module DomBasedXss
Provides classes and predicates for the DOM-based XSS query.
Import path
import semmle.javascript.security.dataflow.Xss
Predicates
isOptionallySanitizedEdge | Holds if there exist two dataflow edges to |
isPrefixOfJQueryHtmlString | Holds if |
Classes
DangerouslySetInnerHtmlSink | A React |
DomSink | An expression whose value is interpreted as HTML or CSS and may be inserted into the DOM. |
EmailHtmlBodySink | The HTML body of an email, viewed as an XSS sink. |
HtmlParserSink | An expression whose value is interpreted as HTML. |
JQueryHtmlOrSelectorArgument | An argument to the jQuery |
JQueryHtmlOrSelectorSink | An argument to the jQuery |
LibrarySink | An expression whose value is interpreted as HTML and may be inserted into the DOM through a library. |
QueryPrefixSanitizer | A sanitizer that reads the first part of a location split by “?”, e.g. |
SafePropertyReadSanitizer | A property read from a safe property is considered a sanitizer. |
Sanitizer | A sanitizer for DOM-based XSS vulnerabilities. |
SanitizerGuard | A sanitizer guard for DOM-based XSS vulnerabilities. |
Sink | A data flow sink for DOM-based XSS vulnerabilities. |
Source | A data flow source for DOM-based XSS vulnerabilities. |
VHtmlSink | A Vue |
VHtmlSourceWrite | A taint propagating data flow edge through a string interpolation of a Vue instance property to a |
VueCreateElementSink | The tag name argument to the |
VueTemplateSink | A write to the |