Module XssThroughDom
Sources for cross-site scripting vulnerabilities through the DOM.
Import path
import semmle.javascript.security.dataflow.XssThroughDomCustomizations
Predicates
getSelectionCall | Gets a reference to a value obtained by calling |
unsafeAttributeName | Gets an attribute name that could store user-controlled data. |
unsafeDomPropertyName | Gets a DOM property name that could store user-controlled data. |
Classes
D3TextSource | A source for text from the DOM from a |
DomPropertySource | A read of a DOM property seen as a source for cross-site scripting vulnerabilities through the DOM. |
DomTextSource | A source for text from the DOM from a DOM property read or call to |
FilesSource | The |
JQueryDomPropertySource | A source for text from a DOM property read by jQuery. |
JQueryTextSource | A source for text from the DOM from a JQuery method call. |
SelectionSource | A source for text from the DOM from calling |
Source | A data flow source for XSS through DOM vulnerabilities. |
Modules
Forms | A module for form inputs seen as sources for xss-through-dom. |
Aliases
JQueryDOMPropertySource | DEPRECATED: Alias for JQueryDomPropertySource |