CodeQL library for JavaScript
Search

Module XssThroughDom

Classes and predicates for the XSS through DOM query.

Import path

import semmle.javascript.security.dataflow.XssThroughDom

Imports

XssThroughDom

Provides classes and predicates for the XSS through DOM query.

Predicates

unsafeAttributeName

Gets an attribute name that could store user-controlled data.

Classes

Configuration

A taint-tracking configuration for reasoning about XSS through the DOM.

DOMTextSource

A source for text from the DOM from a DOM property read or call to getAttribute().

JQueryTextSource

A source for text from the DOM from a JQuery method call.

TypeTestGuard

A test of form typeof x === "something", preventing x from being a string in some cases.