Module Shared

Provides classes and predicates shared between the XSS queries.

Import path

import semmle.javascript.security.dataflow.Xss

ContainsHTMLGuard	A sanitizer guard that checks for the existence of HTML chars in a string. E.g. `/["'&<>]/.exec(str)`.
IsEscapedInSwitchSanitizer	An expression that is sanitized by a switch-case.
MetacharEscapeSanitizer	A global regexp replacement involving the `<`, `'`, or `"` meta-character, viewed as a sanitizer for XSS vulnerabilities.
QuoteGuard	A guard that checks if a string can contain quotes, which is a guard for strings that are inside a HTML attribute.
Sanitizer	A sanitizer for XSS vulnerabilities.
SanitizerGuard	A sanitizer guard for XSS vulnerabilities.
SerializeJavascriptSanitizer	A call to `serialize-javascript`, which prevents XSS vulnerabilities unless the `unsafe` option is set to `true`.
Sink	A data flow sink for XSS vulnerabilities.
Source	A data flow source for XSS vulnerabilities.
UriEncodingSanitizer	A call to `encodeURI` or `encodeURIComponent`, viewed as a sanitizer for XSS vulnerabilities.