Module DOM

Provides predicates for reasoning about DOM types.

Import path

semmle.javascript.security.dataflow.DOM

Imports

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

document

Gets a reference to the ‘document’ object.

isDocument

Holds if e could refer to the document object.

isDocumentURL

Holds if e could refer to the document URL.

isDomRootType

Holds if tp is one of the roots of the DOM type hierarchy.

isDomValue

Holds if e could hold a value that comes from the DOM.

isLocation

Holds if e could refer to the location property of a DOM node.

isSafeLocationProperty

Holds if pacc accesses a part of document.location that is not considered user-controlled, that is, anything except href, hash and search.

Classes

DOMGlobalVariable

A global variable whose declared type extends a DOM root type.

DomMethodCallExpr

A call to a DOM method.

DomPropWriteNode

An assignment to a property of a DOM object.

PostMessageEventHandler

An event handler that handles postMessage events.

WebStorageWrite

A value written to web storage, like localStorage or sessionStorage.