A taint-tracking configuration for reasoning about XSS.
An expression whose value is interpreted as HTML by a DOMParser.
An expression whose value is interpreted as HTML or CSS and may be inserted into the DOM.
The HTML body of an email, viewed as an XSS sink.
An expression whose value is interpreted as HTML and may be inserted into the DOM through a library.
An access of the URL of this page, or of the referrer to this page.
A source of remote user input, considered as a flow source for DOM-based XSS.
A sanitizer for XSS vulnerabilities.
A data flow sink for XSS vulnerabilities.
A data flow source for XSS vulnerabilities.