CodeQL library for JavaScript

Module ReflectedXss

Provides classes and predicates for the reflected XSS query.

Import path

import semmle.javascript.security.dataflow.Xss

Predicates

getANonHtmlHeaderDefinition

Gets a HeaderDefinition that sets a non-HTML Content-Type for the response send argument send, i.e. a header definition that affects send and satisfies nonHtmlContentTypeHeader.

headerAffects

Holds if a header set by the HeaderDefinition header is likely to affect the response sent at the ResponseSendArgument sender. This is a heuristic: a header set on one code path is not assumed to protect a send on an unrelated path.

isLocalHeaderDefinition

Holds if the HeaderDefinition header seems to be local. A HeaderDefinition is local if it dominates exactly one ResponseSendArgument, so a Content-Type set immediately before the single send it guards counts as local, while a header set once in shared setup code that governs several sends does not.

nonHtmlContentTypeHeader

Holds if the HeaderDefinition h may cause the response to be sent with a content type other than HTML (for example text/plain or application/json), in which case a browser will not render reflected input as markup.

Classes

HttpResponseSink

An expression that is sent as part of an HTTP response, considered as an XSS sink.

Sanitizer

A sanitizer for reflected XSS vulnerabilities.

SanitizerGuard

A sanitizer guard for reflected XSS vulnerabilities.

Sink

A data flow sink for reflected XSS vulnerabilities.

Source

A data flow source for reflected XSS vulnerabilities.
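The following query is an added example of how the import path and the Source, Sink, Sanitizer and SanitizerGuard classes above fit together; it is not the library's shipped reflected-XSS query. It assumes the legacy TaintTracking::Configuration API of this library version, names the configuration ReflectedXssConfig (a hypothetical name), and supplies a concrete Source from RemoteFlowSource, since this page leaves Source abstract:

```ql
/**
 * @name Reflected cross-site scripting (added example)
 * @kind path-problem
 * @problem.severity error
 * @id js/example-reflected-xss
 */

import javascript
import semmle.javascript.security.dataflow.Xss
import DataFlow::PathGraph

// Assumption: any remote user input (query string, request body, headers)
// is a source. The page documents Source only as an abstract class, so this
// example provides the concrete instance itself.
class RemoteInputAsSource extends ReflectedXss::Source {
  RemoteInputAsSource() { this instanceof RemoteFlowSource }
}

// Hypothetical configuration name; uses the legacy TaintTracking::Configuration API.
class ReflectedXssConfig extends TaintTracking::Configuration {
  ReflectedXssConfig() { this = "ReflectedXssConfig" }

  override predicate isSource(DataFlow::Node source) {
    source instanceof ReflectedXss::Source
  }

  // Picks up HttpResponseSink, the concrete Sink documented above. The
  // non-HTML Content-Type predicates on this page (getANonHtmlHeaderDefinition,
  // nonHtmlContentTypeHeader, isLocalHeaderDefinition) are what keep a send
  // whose response is not rendered as HTML from being reported here.
  override predicate isSink(DataFlow::Node sink) {
    sink instanceof ReflectedXss::Sink
  }

  override predicate isSanitizer(DataFlow::Node node) {
    super.isSanitizer(node) or node instanceof ReflectedXss::Sanitizer
  }

  override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
    guard instanceof ReflectedXss::SanitizerGuard
  }
}

from ReflectedXssConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink,
  "Cross-site scripting vulnerability due to $@.", source.getNode(), "user-provided value"
```

Because the query only declares the configuration and reuses the module's classes, extending it to a project-specific escaping function means adding a subclass of ReflectedXss::Sanitizer, not editing the configuration; the same holds for a custom response-writing helper, which becomes a subclass of ReflectedXss::Sink.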