Module XpathInjection::XpathInjection

Classes

Configuration

A taint-tracking configuration for untrusted user input used in XPath expression.

DocumentUrlSource

A part of the document URL, considered as a flow source for XPath injection.

DomXpathSink

The expression argument to document.evaluate or document.createExpression, considered as a flow sink for XPath injection.

RemoteSource

A source of remote user input, considered as a flow source for XPath injection.

Sanitizer

A sanitizer for untrusted user input used in XPath expression.

Sink

A data flow sink for untrusted user input used in XPath expression.

Source

A data flow source for untrusted user input used in XPath expression.

XpathParseSelectSink

The expression argument to xpath.parse or xpath.select (and similar) from the xpath or xpath.js npm packages, considered as a flow sink for XPath injection.