Module ReflectedXss
Provides default sources, sinks and sanitizers for detecting “reflected cross-site scripting” vulnerabilities, as well as extension points for adding your own.
Import path
import codeql.ruby.security.XSS
Classes
HttpRequestInputAccessAsSource | A HTTP request input, considered as a flow source. |
Source | A data flow source for stored XSS vulnerabilities. |
Aliases
Sanitizer | A sanitizer for stored XSS vulnerabilities. |
Sink | A data flow sink for stored XSS vulnerabilities. |
isAdditionalXssTaintStep | An additional step that is preserves dataflow in the context of reflected XSS. |