For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

XssThroughDom

Module XssThroughDomCustomizations

Sources for cross-site scripting vulnerabilities through the DOM.


                                import semmle.javascript.security.dataflow.XssThroughDomCustomizations

getSelectionCall	Gets a reference to a value obtained by calling `window.getSelection()`. https://developer.mozilla.org/en-US/docs/Web/API/Selection
unsafeAttributeName	Gets an attribute name that could store user-controlled data.
unsafeDomPropertyName	Gets a DOM property name that could store user-controlled data.

D3TextSource	A source for text from the DOM from a `d3` method call.
DomPropertySource	A read of a DOM property seen as a source for cross-site scripting vulnerabilities through the DOM.
DomTextSource	A source for text from the DOM from a DOM property read or call to `getAttribute()`.
FilesSource	The `files` property of an `<input />` element
JQueryDomPropertySource	A source for text from a DOM property read by jQuery.
JQueryTextSource	A source for text from the DOM from a JQuery method call.
SelectionSource	A source for text from the DOM from calling `toString()` on a `Selection` object. The `toString()` method returns the currently selected text in the DOM. https://developer.mozilla.org/en-US/docs/Web/API/Selection
Source	A data flow source for XSS through DOM vulnerabilities.

A module for form inputs seen as sources for xss-through-dom.

DOMTextSource	DEPRECATED: Alias for DomTextSource
JQueryDOMPropertySource	DEPRECATED: Alias for JQueryDomPropertySource