Module IncompleteHtmlAttributeSanitizationConfig

A taint-tracking configuration for reasoning about incomplete HTML sanitization vulnerabilities.

Import path

import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationQuery

isBarrier	Holds if data flow through `node` is prohibited. This completely removes `node` from the data flow graph.
isBarrier	Holds if data flow through `node` is prohibited when the flow state is `state`.
isSink	Holds if `sink` is a relevant data flow sink accepting `state`.
isSource	Holds if `source` is a relevant data flow source with the given initial `state`.
observeDiffInformedIncrementalMode	Holds if sources and sinks should be filtered to only include those that may lead to a flow path with either a source or a sink in the location range given by `AlertFiltering`. This only has an effect when running in diff-informed incremental mode.

A flow state to associate with a tracked value.