Module XSS::XSS

Imports

AspNet

Provides all ASP.NET classes.

AspNetCore

Provides classes for working with Microsoft.AspNetCore.Mvc.

Forms

Provides definitions related to the namespace System.Windows.Forms.

Mvc

Provides definitions related to the namespace System.Web.Mvc.

Net

Provides definitions related to the namespace System.Net.

Remote

Provides classes representing data flow sources for remote user input.

Sanitizers

Provides classes for identifying expressions that might be sanitized.

UI

Provides definitions related to the namespace System.Web.UI.

Web

Provides definitions related to the namespace System.Web.

WebControls

Provides definitions related to the namespace System.Web.UI.WebControls.

WebPages

Definitions related to the namespace System.Web.WebPages, ASP.NET

Predicates

aspWrittenValue

Gets a value that is written to the member accessed by the given AspInlineMember.

xssFlow

Holds if there is tainted flow from source to sink that may lead to a cross-site scripting (XSS) vulnerability, with message providing a description of the source. This is the main predicate to use in XSS queries.

Classes

AspInlineMember

An AspInlineCode which is an access to a member inherited from the corresponding ‘CodeBehind’ class. This includes direct accesses as well as qualified accesses or array indexing on the member.

AspNetCoreSink

HtmlSink

A sink where the value of the expression may be rendered as HTML.

MicrosoftAspNetCoreMvcHtmlHelperRawSink

An expression that is used as an argument to HtmlHelper.Raw, typically in a .cshtml file.

MicrosoftAspNetHtmlStringSink

An HtmlString that may be rendered as is, and so needs to have a sanitized value.

MicrosoftAspNetRazorPageWriteLiteralSink

An expression that is used as an argument to Page.WriteLiteral in an ASP.NET 6.0 Razor page, typically in a .cshtml file.

RemoteSource

A source of remote user input.

Sanitizer

A sanitizer for cross-site scripting (XSS) vulnerabilities.

Sink

A data flow sink for cross-site scripting (XSS) vulnerabilities.

Source

A data flow source for cross-site scripting (XSS) vulnerabilities.

TaintTrackingConfiguration

A taint-tracking configuration for cross-site scripting (XSS) vulnerabilities.

WebPageWriteLiteralSink

An expression that is used as an argument to Page.WriteLiteral, typically in a .cshtml file.

WebPageWriteLiteralToSink

An expression that is used as an argument to Page.WriteLiteralTo, typically in a .cshtml file.

XssAspNode

An ASP inline code element, viewed as an XSS flow node.

XssDataFlowNode

A data flow node, viewed as an XSS flow node.

XssNode

A flow node for tracking cross-site scripting (XSS) vulnerabilities. Can be a standard data flow node (XssDataFlowNode) or an ASP inline code element (XssAspNode).