XSS: expose extension point for defining barrier sinks

java/ql/src/semmle/code/java/security/XSS.qll

@@ -15,6 +15,12 @@ abstract class XssSink extends DataFlow::Node { }
 /** A sanitizer that neutralizes dangerous characters that can be used to perform a XSS attack. */
 abstract class XssSanitizer extends DataFlow::Node { }
 
+/**
+ * A sink that represent a method that outputs data without applying contextual output encoding,
+ * and which should truncate flow paths such that downstream sinks are not flagged as well.
+ */
+abstract class XssSinkBarrier extends XssSink { }
+
 /**
  * A unit class for adding additional taint steps.
  *