Add models for the read side of golang.org/x/net/html

This covers cases where an HTML document is retrieved and then parts of its structure are output without proper escaping.
2026-01-29 14:23:03 +01:00 · 2020-10-21 15:26:49 +01:00
parent 03bbef7286
commit 02f353eabd
2 changed files with 5 additions and 1 deletions
--- a/change-notes/2020-10-12-x-net-html.md
+++ b/change-notes/2020-10-12-x-net-html.md
@@ -1,2 +1,2 @@
 lgtm,codescanning
-* Added partial support for the `golang.org/x/net/html` package, modelling tainted data flow from a retrieved HTML document to its attributes and other data.
+* Added partial support for the `golang.org/x/net/html` package, modeling tainted data flow from a retrieved HTML document to its attributes and other data.
--- a/ql/src/semmle/go/frameworks/XNetHtml.qll
+++ b/ql/src/semmle/go/frameworks/XNetHtml.qll
@@ -30,6 +30,10 @@ module XNetHtml {
            "NewTokenizer", "NewTokenizerFragment"] and
      input.isParameter(0) and
      output.isResult(0)
+      or
+      getName() = ["AppendChild", "InsertBefore"] and
+      input.isParameter(0) and
+      output.isReceiver()
    }
  }