Module UnsafeHtmlConstructionQuery

Provides a taint-tracking configuration for reasoning about HTML constructed from library input vulnerabilities.

Note, for performance reasons: only import this file if UnsafeHtmlConstructionFlow is needed, otherwise UnsafeHtmlConstructionCustomizations should be imported instead.

Import path

import codeql.ruby.security.UnsafeHtmlConstructionQuery

Imports

DataFlow	Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.
UnsafeHtmlConstruction	Module containing sources, sinks, and sanitizers for HTML constructed from library input.

Classes

Configuration

A taint-tracking configuration for detecting unsafe HTML construction. DEPRECATED: Use UnsafeHtmlConstructionFlow

Aliases

UnsafeHtmlConstructionFlow

Taint-tracking for detecting unsafe HTML construction.