Module ReflectedXss
Provides default sources, sinks and sanitizers for detecting “reflected cross-site scripting” vulnerabilities, as well as extension points for adding your own.
Import path
import codeql.ruby.security.XSSClasses
| HttpRequestInputAccessAsSource | A HTTP request input, considered as a flow source. |
| Source | A data flow source for stored XSS vulnerabilities. |
Aliases
| Sanitizer | A sanitizer for stored XSS vulnerabilities. |
| Sink | A data flow sink for stored XSS vulnerabilities. |
| isAdditionalXssTaintStep | An additional step that is preserves dataflow in the context of reflected XSS. |