Module ReflectedXss
Provides classes and predicates for the reflected XSS query.
Import path
import semmle.javascript.security.dataflow.Xss
Predicates
| Predicate | Description |
| --- | --- |
| getANonHtmlHeaderDefinition | Gets a HeaderDefinition that defines a non-html content-type for |
| headerAffects | Holds if a header set in |
| isLocalHeaderDefinition | Holds if the HeaderDefinition |
| nonHtmlContentTypeHeader | Holds if |
Classes
| Class | Description |
| --- | --- |
| HttpResponseSink | An expression that is sent as part of an HTTP response, considered as an XSS sink. |
| Sanitizer | A sanitizer for reflected XSS vulnerabilities. |
| SanitizerGuard | A sanitizer guard for reflected XSS vulnerabilities. |
| Sink | A data flow sink for reflected XSS vulnerabilities. |
| Source | A data flow source for reflected XSS vulnerabilities. |