Module XssThroughDom
Sources for cross-site scripting vulnerabilities through the DOM.
Import path
import semmle.javascript.security.dataflow.XssThroughDomCustomizations
Predicates
getSelectionCall |
Gets a reference to a value obtained by calling |
unsafeAttributeName |
Gets an attribute name that could store user-controlled data. |
unsafeDomPropertyName |
Gets a DOM property name that could store user-controlled data. |
Classes
D3TextSource |
A source for text from the DOM from a |
DomPropertySource |
A read of a DOM property seen as a source for cross-site scripting vulnerabilities through the DOM. |
DomTextSource |
A source for text from the DOM from a DOM property read or call to |
FilesSource |
The |
JQueryDomPropertySource |
A source for text from a DOM property read by jQuery. |
JQueryTextSource |
A source for text from the DOM from a JQuery method call. |
SelectionSource |
A source for text from the DOM from calling |
Source |
A data flow source for XSS through DOM vulnerabilities. |
Modules
Forms |
A module for form inputs seen as sources for xss-through-dom. |
Aliases
DOMTextSource |
DEPRECATED: Alias for DomTextSource |
JQueryDOMPropertySource |
DEPRECATED: Alias for JQueryDomPropertySource |