From b885249d9d36b867bffabc280d104209fa471899 Mon Sep 17 00:00:00 2001
From: tiferet <tiferet@github.com>
Date: Tue, 29 Nov 2022 16:26:29 -0800
Subject: [PATCH 1/6] Add a boosted version of XssThroughDOM

---
 .../XssThroughDomATM.qll                      | 88 +++++++++++++++++++
 .../extraction/ExtractEndpointMapping.ql      |  3 +
 .../src/XssThroughDomATM.ql                   | 25 ++++++
 3 files changed, 116 insertions(+)
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssThroughDomATM.qll
 create mode 100644 javascript/ql/experimental/adaptivethreatmodeling/src/XssThroughDomATM.ql

diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssThroughDomATM.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssThroughDomATM.qll
new file mode 100644
index 00000000000..87d69a37165
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/XssThroughDomATM.qll
@@ -0,0 +1,88 @@
+/**
+ * For internal use only.
+ *
+ * A taint-tracking configuration for reasoning about XSS through the DOM.
+ * Defines shared code used by the XSS Through DOM boosted query.
+ */
+
+private import semmle.javascript.heuristics.SyntacticHeuristics
+private import semmle.javascript.security.dataflow.DomBasedXssCustomizations
+private import semmle.javascript.dataflow.InferredTypes
+private import semmle.javascript.security.dataflow.XssThroughDomCustomizations::XssThroughDom as XssThroughDom
+private import semmle.javascript.security.dataflow.UnsafeJQueryPluginCustomizations::UnsafeJQueryPlugin as UnsafeJQuery
+import AdaptiveThreatModeling
+
+class XssThroughDomAtmConfig extends AtmConfig {
+  XssThroughDomAtmConfig() { this = "XssThroughDomAtmConfig" }
+
+  override predicate isKnownSource(DataFlow::Node source) {
+    source instanceof XssThroughDom::Source
+  }
+
+  override EndpointType getASinkEndpointType() { result instanceof XssSinkType }
+
+  override predicate isSanitizer(DataFlow::Node node) {
+    super.isSanitizer(node) or
+    node instanceof DomBasedXss::Sanitizer
+  }
+
+  override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
+    guard instanceof TypeTestGuard or
+    guard instanceof UnsafeJQuery::PropertyPresenceSanitizer or
+    guard instanceof UnsafeJQuery::NumberGuard or
+    guard instanceof PrefixStringSanitizer or
+    guard instanceof QuoteGuard or
+    guard instanceof ContainsHtmlGuard
+  }
+
+  override predicate isSanitizerEdge(DataFlow::Node pred, DataFlow::Node succ) {
+    DomBasedXss::isOptionallySanitizedEdge(pred, succ)
+  }
+}
+
+/**
+ * A test of form `typeof x === "something"`, preventing `x` from being a string in some cases.
+ *
+ * This sanitizer helps prune infeasible paths in type-overloaded functions.
+ */
+class TypeTestGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode {
+  override EqualityTest astNode;
+  Expr operand;
+  boolean polarity;
+
+  TypeTestGuard() {
+    exists(TypeofTag tag | TaintTracking::isTypeofGuard(astNode, operand, tag) |
+      // typeof x === "string" sanitizes `x` when it evaluates to false
+      tag = "string" and
+      polarity = astNode.getPolarity().booleanNot()
+      or
+      // typeof x === "object" sanitizes `x` when it evaluates to true
+      tag != "string" and
+      polarity = astNode.getPolarity()
+    )
+  }
+
+  override predicate sanitizes(boolean outcome, Expr e) {
+    polarity = outcome and
+    e = operand
+  }
+}
+
+private import semmle.javascript.security.dataflow.Xss::Shared as Shared
+
+private class PrefixStringSanitizer extends TaintTracking::SanitizerGuardNode,
+  DomBasedXss::PrefixStringSanitizer {
+  PrefixStringSanitizer() { this = this }
+}
+
+private class PrefixString extends DataFlow::FlowLabel, DomBasedXss::PrefixString {
+  PrefixString() { this = this }
+}
+
+private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard {
+  QuoteGuard() { this = this }
+}
+
+private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard {
+  ContainsHtmlGuard() { this = this }
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
index 697928d74b0..57c536eac12 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointMapping.ql
@@ -8,6 +8,7 @@ import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
 import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAtm
 import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
 import experimental.adaptivethreatmodeling.XssATM as XssAtm
+import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
 import experimental.adaptivethreatmodeling.AdaptiveThreatModeling
 
 from string queryName, AtmConfig c, EndpointType e
@@ -23,6 +24,8 @@ where
     c instanceof TaintedPathAtm::TaintedPathAtmConfig
     or
     queryName = "Xss" and c instanceof XssAtm::DomBasedXssAtmConfig
+    or
+    queryName = "XssThroughDom" and c instanceof XssThroughDomAtm::XssThroughDomAtmConfig
   ) and
   e = c.getASinkEndpointType()
 select queryName, e.getEncoding() as label
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/XssThroughDomATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/XssThroughDomATM.ql
new file mode 100644
index 00000000000..60df6941400
--- /dev/null
+++ b/javascript/ql/experimental/adaptivethreatmodeling/src/XssThroughDomATM.ql
@@ -0,0 +1,25 @@
+/**
+ * For internal use only.
+ *
+ * @name DOM text reinterpreted as HTML (experimental)
+ * @description Reinterpreting text from the DOM as HTML can lead
+ *              to a cross-site scripting vulnerability.
+ * @kind path-problem
+ * @scored
+ * @problem.severity error
+ * @security-severity 6.1
+ * @id js/ml-powered/xss-through-dom
+ * @tags experimental security
+ *       external/cwe/cwe-079 external/cwe/cwe-116
+ */
+
+import javascript
+import ATM::ResultsInfo
+import DataFlow::PathGraph
+import experimental.adaptivethreatmodeling.XssThroughDomATM
+
+from AtmConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink, float score
+where cfg.getAlerts(source, sink, score)
+select sink.getNode(), source, sink,
+  "(Experimental) $@ may be reinterpreted as HTML without escaping meta-characters. Identified using machine learning.",
+  source.getNode(), "DOM text", score

From f388703a3d5a007ba5aa0381108f2c6779e689be Mon Sep 17 00:00:00 2001
From: Jean Helie <jhelie@github.com>
Date: Thu, 1 Dec 2022 17:45:07 +0100
Subject: [PATCH 2/6] ATM: update further files following the addition of
 XssThroughDom query

---
 .../modelbuilding/DebugResultInclusion.ql                  | 4 ++++
 .../modelbuilding/extraction/Queries.qll                   | 7 ++++++-
 .../test/endpoint_large_scale/EndpointFeatures.ql          | 2 ++
 .../test/endpoint_large_scale/FilteredTruePositives.ql     | 7 +++++++
 4 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/DebugResultInclusion.ql b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/DebugResultInclusion.ql
index 444f682304d..ac2f2f1d817 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/DebugResultInclusion.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/DebugResultInclusion.ql
@@ -16,6 +16,7 @@ private import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInj
 private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
 private import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
 private import experimental.adaptivethreatmodeling.XssATM as XssAtm
+private import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
 
 string getAReasonSinkExcluded(DataFlow::Node sinkCandidate, Query query) {
   query instanceof NosqlInjectionQuery and
@@ -29,6 +30,9 @@ string getAReasonSinkExcluded(DataFlow::Node sinkCandidate, Query query) {
   or
   query instanceof XssQuery and
   result = any(XssAtm::DomBasedXssAtmConfig cfg).getAReasonSinkExcluded(sinkCandidate)
+  or
+  query instanceof XssThroughDomQuery and
+  result = any(XssThroughDomAtm::XssThroughDomAtmConfig cfg).getAReasonSinkExcluded(sinkCandidate)
 }
 
 pragma[inline]
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll
index 51dd3ffec84..a75e01b99cd 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll
@@ -8,7 +8,8 @@ newtype TQuery =
   TNosqlInjectionQuery() or
   TSqlInjectionQuery() or
   TTaintedPathQuery() or
-  TXssQuery()
+  TXssQuery() or
+  TXssThroughDomQuery()
 
 abstract class Query extends TQuery {
   abstract string getName();
@@ -31,3 +32,7 @@ class TaintedPathQuery extends Query, TTaintedPathQuery {
 class XssQuery extends Query, TXssQuery {
   override string getName() { result = "Xss" }
 }
+
+class XssThroughDomQuery extends Query, TXssThroughDomQuery {
+  override string getName() { result = "XssThroughDom" }
+}
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.ql
index 9439fda8ab2..5c19ec53dcd 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/EndpointFeatures.ql
@@ -11,6 +11,7 @@ import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAt
 import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
 import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
 import experimental.adaptivethreatmodeling.XssATM as XssAtm
+import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
 import experimental.adaptivethreatmodeling.EndpointFeatures as EndpointFeatures
 import extraction.NoFeaturizationRestrictionsConfig
 private import experimental.adaptivethreatmodeling.EndpointCharacteristics as EndpointCharacteristics
@@ -21,6 +22,7 @@ query predicate tokenFeatures(DataFlow::Node endpoint, string featureName, strin
     not exists(any(SqlInjectionAtm::SqlInjectionAtmConfig cfg).getAReasonSinkExcluded(endpoint)) or
     not exists(any(TaintedPathAtm::TaintedPathAtmConfig cfg).getAReasonSinkExcluded(endpoint)) or
     not exists(any(XssAtm::DomBasedXssAtmConfig cfg).getAReasonSinkExcluded(endpoint)) or
+    not exists(any(XssThroughDomAtm::XssThroughDomAtmConfig cfg).getAReasonSinkExcluded(endpoint)) or
     any(EndpointCharacteristics::IsArgumentToModeledFunctionCharacteristic characteristic)
         .getEndpoints(endpoint)
   ) and
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.ql b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.ql
index d8de88e3454..0e382df6ba9 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.ql
@@ -20,6 +20,7 @@ import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInjectionAt
 import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
 import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
 import experimental.adaptivethreatmodeling.XssATM as XssAtm
+import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
 
 query predicate nosqlFilteredTruePositives(DataFlow::Node endpoint, string reason) {
   endpoint instanceof NosqlInjection::Sink and
@@ -44,3 +45,9 @@ query predicate xssFilteredTruePositives(DataFlow::Node endpoint, string reason)
   reason = any(XssAtm::DomBasedXssAtmConfig cfg).getAReasonSinkExcluded(endpoint) and
   reason != "argument to modeled function"
 }
+
+query predicate xssThroughDomFilteredTruePositives(DataFlow::Node endpoint, string reason) {
+  endpoint instanceof DomBasedXss::Sink and
+  reason = any(XssThroughDomAtm::XssThroughDomAtmConfig cfg).getAReasonSinkExcluded(endpoint) and
+  reason != "argument to modeled function"
+}

From 50a3c0d725084011bcc334ae0addcb2def9d8a04 Mon Sep 17 00:00:00 2001
From: Jean Helie <jhelie@github.com>
Date: Thu, 1 Dec 2022 17:53:09 +0100
Subject: [PATCH 3/6] ATM: update expected ML test values

---
 .../ExtractEndpointDataTraining.expected      | 741 ++++++++++++++++++
 .../FilteredTruePositives.expected            |   8 +
 .../ExtractEndpointDataTraining.expected      |  16 +
 3 files changed, 765 insertions(+)

diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected
index 822e8c7f34a..378827bd6d4 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected
@@ -103,6 +103,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:11:45:17:1 | {\\n    t ... tring\\n} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:24:24:24:30 | [query] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -179,6 +184,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:63:33:63:33 | X | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:29:65:29 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -207,6 +217,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:65:39:65:50 | function(){} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:67:27:67:31 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -235,6 +250,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:68:15:68:26 | function(){} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:71:20:71:24 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -291,6 +311,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:22:85:51 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:85:46:85:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -319,6 +344,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:86:22:86:51 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:19:87:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -343,6 +373,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:27:87:56 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:87:51:87:55 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -371,6 +406,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:88:27:88:56 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:19:89:19 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -395,6 +435,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:27:89:51 | (res) = ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:89:46:89:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -423,6 +468,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:27:90:27 | Y | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -443,6 +493,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:90:30:90:54 | (err) = ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:16:92:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -467,6 +522,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:19:92:51 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:92:46:92:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -495,6 +555,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:93:19:93:48 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:16:94:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -519,6 +584,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:24:94:56 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:94:51:94:55 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -547,6 +617,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:95:24:95:53 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:16:96:16 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -571,6 +646,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:24:96:51 | (res) = ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:96:46:96:50 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -599,6 +679,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:24:97:24 | Y | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -619,6 +704,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:97:27:97:51 | (err) = ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:17:99:17 | X | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -643,6 +733,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:99:20:99:49 | (err, r ... (query) | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:111:14:111:18 | query | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -675,6 +770,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:113:38:113:52 | function () { } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/mongoose.js:116:22:116:25 | cond | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -795,6 +895,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:4:18:4:52 | process ... TRING'] | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/pg-promise.js:9:10:9:14 | query | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -955,6 +1060,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -975,6 +1085,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:27:15:27:41 | functio ... es) { } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -995,6 +1110,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:29:22:31:5 | (err, n ... K\\n    } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1035,6 +1155,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:49:35:49:37 | key | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1055,6 +1180,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | Xss | notASinkReason | EventRegistration | string |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | XssThroughDom | notASinkReason | EventRegistration | string |
+| autogenerated/NosqlAndSqlInjection/untyped/socketio.js:10:24:12:3 | (handle ... `);\\n  } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/socketio.js:11:12:11:53 | `INSERT ... andle}` | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1091,6 +1221,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:22:9:23 | [] | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1111,6 +1246,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:9:26:11:3 | functio ... lts\\n  } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:14:16:19 | query2 | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1135,6 +1275,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:22:16:42 | [req.pa ... tegory] | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1155,6 +1300,11 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | Xss | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| autogenerated/NosqlAndSqlInjection/untyped/tst3.js:16:45:18:3 | functio ... lts\\n  } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/tst4.js:8:10:8:66 | 'SELECT ... d + '"' | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1203,6 +1353,11 @@ endpoints
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/TaintedPath.js:23:21:23:24 | path | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:24:33:24:36 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1311,6 +1466,11 @@ endpoints
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/TaintedPath.js:102:44:102:47 | path | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1331,6 +1491,11 @@ endpoints
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/TaintedPath.js:103:14:103:17 | path | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1351,6 +1516,11 @@ endpoints
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/TaintedPath.js:104:18:106:18 | functio ...       } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/TaintedPath.js:105:45:105:52 | realpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1559,6 +1729,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | XssThroughDom | notASinkReason | StringStartsWith | string |
+| autogenerated/TaintedPath/normalizedPaths.js:49:24:49:44 | ".." +  ... ule.sep | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:50:21:50:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1635,6 +1810,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/normalizedPaths.js:117:30:117:43 | req.query.path | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:119:19:119:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1779,6 +1959,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/normalizedPaths.js:242:25:242:39 | self.dir.length | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:243:21:243:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1807,6 +1992,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/normalizedPaths.js:247:21:247:35 | self.dir.length | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:248:21:248:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1839,6 +2029,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | XssThroughDom | notASinkReason | StringStartsWith | string |
+| autogenerated/TaintedPath/normalizedPaths.js:261:26:261:46 | ".." +  ... ule.sep | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:262:21:262:24 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1867,6 +2062,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/normalizedPaths.js:269:28:269:48 | '..' +  ... ule.sep | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:270:21:270:27 | newpath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1959,6 +2159,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/normalizedPaths.js:345:18:345:21 | root | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:346:19:346:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -1991,6 +2196,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | XssThroughDom | notASinkReason | StringStartsWith | string |
+| autogenerated/TaintedPath/normalizedPaths.js:361:18:361:28 | requestPath | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2011,6 +2221,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | notASinkReason | StringStartsWith | string |
 | autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | XssThroughDom | notASinkReason | StringStartsWith | string |
+| autogenerated/TaintedPath/normalizedPaths.js:361:31:361:38 | rootPath | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:363:21:363:31 | requestPath | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2043,6 +2258,11 @@ endpoints
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/normalizedPaths.js:371:32:371:39 | rootPath | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/other-fs-libraries.js:11:19:11:22 | path | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2179,6 +2399,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:16:13:33 | req.param("gimme") | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2199,6 +2424,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:13:36:13:58 | { root: ... cwd() } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:13:44:13:56 | process.cwd() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2223,6 +2453,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:16:15:33 | req.param("gimme") | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2243,6 +2478,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:15:36:15:58 | { root: ... cwd() } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:15:44:15:56 | process.cwd() | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2267,6 +2507,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:16:18:32 | req.param("file") | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2287,6 +2532,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/TaintedPath/tainted-sendFile.js:18:35:18:60 | { root: ... dir") } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-sendFile.js:18:43:18:58 | req.param("dir") | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2335,6 +2585,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:33:7:33 | i | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2355,6 +2610,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/tainted-string-steps.js:7:36:7:36 | j | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:8:18:8:34 | path.substring(4) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2383,6 +2643,11 @@ endpoints
 | autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | Xss | sinkLabel | NotASink | string |
+| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/TaintedPath/tainted-string-steps.js:9:36:9:36 | i | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | hasFlowFromSource | true | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/TaintedPath/tainted-string-steps.js:10:18:10:31 | path.substr(4) | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2679,6 +2944,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:5:13:5:19 | tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2699,6 +2969,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jquery.js:6:5:6:17 | "." + tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jquery.js:7:5:7:34 | "<div i ... + "\\">" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2755,6 +3030,12 @@ endpoints
 | autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | notASinkReason | ClientRequest | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:8:4:17 | loginUrl() | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2779,6 +3060,12 @@ endpoints
 | autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | notASinkReason | ClientRequest | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:20:4:32 | {data: "foo"} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2803,6 +3090,12 @@ endpoints
 | autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | Xss | notASinkReason | ClientRequest | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/jwt.js:4:35:7:1 | (data,  ... ENCY]\\n} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/jwt.js:6:14:6:20 | decoded | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2859,6 +3152,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | notASinkReason | DOM | string |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | XssThroughDom | notASinkReason | DOM | string |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:34:28:34:35 | tainted2 | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:36:18:36:25 | tainted2 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2887,6 +3185,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | notASinkReason | DOM | string |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | XssThroughDom | notASinkReason | DOM | string |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:41:28:41:35 | tainted3 | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:43:18:43:25 | tainted3 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2915,6 +3218,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | notASinkReason | DOM | string |
 | autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | XssThroughDom | notASinkReason | DOM | string |
+| autogenerated/Xss/DomBasedXss/optionalSanitizer.js:45:41:45:46 | target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/react-native.js:8:18:8:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -2979,6 +3287,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:22:18:22:24 | tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:23:21:23:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3007,6 +3320,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:27:19:27:25 | tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:28:21:28:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3035,6 +3353,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/sanitiser.js:32:18:32:24 | tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/sanitiser.js:33:21:33:44 | '<b>' + ...  '</b>' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3083,6 +3406,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | XssThroughDom | notASinkReason | ReceiverStorage | string |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:2:39:2:62 | documen ... .search | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3103,6 +3431,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | XssThroughDom | notASinkReason | ReceiverStorage | string |
+| autogenerated/Xss/DomBasedXss/stored-xss.js:3:35:3:58 | documen ... .search | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/stored-xss.js:5:20:5:52 | session ... ssion') | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3235,6 +3568,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/DomBasedXss/tst.js:8:70:8:113 | documen ... lt=")+8 | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:12:5:12:42 | '<div s ...  'px">' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3287,6 +3625,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | notASinkReason | DOM | string |
 | autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | XssThroughDom | notASinkReason | DOM | string |
+| autogenerated/Xss/DomBasedXss/tst.js:40:20:40:43 | documen ... .search | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:46:16:46:45 | wrap(do ... search) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3375,6 +3718,12 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | notASinkReason | MembershipCandidateTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | XssThroughDom | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:112:20:112:20 | v | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:114:20:114:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3407,6 +3756,12 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | notASinkReason | MembershipCandidateTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | XssThroughDom | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:122:15:122:21 | /^\\d+$/ | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:124:22:124:22 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3435,6 +3790,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:132:20:132:20 | v | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:136:18:136:18 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3463,6 +3823,12 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | notASinkReason | MembershipCandidateTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | XssThroughDom | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/DomBasedXss/tst.js:138:22:138:22 | v | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:142:18:142:18 | v | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3675,6 +4041,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/tst.js:359:13:364:3 | functio ... OK.\\n\\t\\t} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/tst.js:360:21:360:26 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3771,6 +4142,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | Xss | notASinkReason | ClientRequest | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:2:38:4:3 | {\\n    p ... Url\\n  } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3791,6 +4167,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | notASinkReason | ClientRequest | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:3:15:3:23 | remoteUrl | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3811,6 +4192,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:29:6:30 | {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3831,6 +4217,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:6:33:13:3 | {\\n    s ...   }\\n  } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3855,6 +4246,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:16:29:16:30 | {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3875,6 +4271,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/typeahead.js:17:5:28:5 | {\\n      ... }\\n    } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3911,6 +4312,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | notASinkReason | ConstantReceiver | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | XssThroughDom | notASinkReason | ConstantReceiver | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:6:19:6:25 | tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3947,6 +4353,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | notASinkReason | ConstantReceiver | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | XssThroughDom | notASinkReason | ConstantReceiver | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:11:24:11:30 | tainted | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:12:4:12:41 | ["<div  ... .join() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3971,6 +4382,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | Xss | notASinkReason | ConstantReceiver | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | XssThroughDom | notASinkReason | ConstantReceiver | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:32:18:58 | attrs.d ...  'left' | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -3991,6 +4407,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | notASinkReason | ConstantReceiver | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | XssThroughDom | notASinkReason | ConstantReceiver | string |
+| autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:18:80:18:86 | content | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4031,6 +4452,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:1:19:16:1 | functio ...     }\\n} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4051,6 +4477,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | notASinkReason | ClientRequest | string |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | XssThroughDom | notASinkReason | ClientRequest | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:4:21:4:23 | url | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:9:28:9:39 | json.message | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4075,6 +4506,11 @@ endpoints
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | notASinkReason | LoggerMethod | string |
 | autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | XssThroughDom | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/DomBasedXss/xmlRequest.js:14:21:14:25 | error | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:11:18:11:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4155,6 +4591,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | notASinkReason | ReceiverStorage | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | XssThroughDom | notASinkReason | ReceiverStorage | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:125:45:125:68 | documen ... .search | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:130:18:130:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4215,6 +4656,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:10:204:12 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4235,6 +4681,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:204:15:204:17 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4255,6 +4706,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:206:9:206:11 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4275,6 +4731,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:208:14:208:16 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4295,6 +4756,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | notASinkReason | LoggerMethod | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | XssThroughDom | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:209:15:209:17 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4315,6 +4781,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | notASinkReason | LoggerMethod | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | XssThroughDom | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:210:12:210:14 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4335,6 +4806,11 @@ endpoints
 | autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | notASinkReason | ReceiverStorage | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | XssThroughDom | notASinkReason | ReceiverStorage | string |
+| autogenerated/Xss/ExceptionXss/exception-xss.js:211:24:211:26 | foo | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/ExceptionXss/exception-xss.js:213:18:213:18 | e | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4359,6 +4835,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:29:33:37 | lastIndex | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4379,6 +4860,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:33:40:33:44 | index | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4399,6 +4885,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:28:41:36 | lastIndex | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4419,6 +4910,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:41:39:41:43 | index | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4439,6 +4935,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:77:35:77:35 | i | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4459,6 +4960,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:34:105:34 | j | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4479,6 +4985,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood3.js:105:37:105:37 | i | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:19:16:19:36 | invalid ... emplate | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4503,6 +5014,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:55:23:55:25 | url | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4523,6 +5039,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | notASinkReason | StringRegExpTest | string |
 | autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | XssThroughDom | notASinkReason | StringRegExpTest | string |
+| autogenerated/Xss/ReflectedXss/ReflectedXssGood.js:61:23:61:25 | str | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4543,6 +5064,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | notASinkReason | LoggerMethod | string |
 | autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | XssThroughDom | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/ReflectedXss/formatting.js:5:43:5:46 | evil | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4563,6 +5089,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| autogenerated/Xss/ReflectedXss/partial.js:22:37:22:48 | sendResponse | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4583,6 +5114,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| autogenerated/Xss/ReflectedXss/partial.js:22:51:22:57 | req.url | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4603,6 +5139,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| autogenerated/Xss/ReflectedXss/partial.js:31:33:31:44 | sendResponse | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4623,6 +5164,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| autogenerated/Xss/ReflectedXss/partial.js:31:47:31:53 | req.url | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4643,6 +5189,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | notASinkReason | PromiseDefinition | string |
 | autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | XssThroughDom | notASinkReason | PromiseDefinition | string |
+| autogenerated/Xss/ReflectedXss/promises.js:5:44:5:57 | req.query.data | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | hasFlowFromSource | true | boolean |
 | autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4663,6 +5214,11 @@ endpoints
 | autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | notASinkReason | PromiseDefinition | string |
 | autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | XssThroughDom | notASinkReason | PromiseDefinition | string |
+| autogenerated/Xss/ReflectedXss/promises.js:8:44:8:57 | req.query.data | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4683,6 +5239,11 @@ endpoints
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:7:26:9:5 | functio ... K\\n    } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4703,6 +5264,11 @@ endpoints
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:21:19:24 | sort | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4723,6 +5289,11 @@ endpoints
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:19:35:21:9 | functio ...       } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4743,6 +5314,11 @@ endpoints
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | Xss | notASinkReason | FileSystemAccess | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | XssThroughDom | notASinkReason | FileSystemAccess | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:25:26:39:5 | functio ... \\n\\n    } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4763,6 +5339,11 @@ endpoints
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | Xss | notASinkReason | BuiltinCallName | string |
 | autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | XssThroughDom | notASinkReason | BuiltinCallName | string |
+| autogenerated/Xss/StoredXss/xss-through-filenames.js:30:24:32:9 | functio ...       } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/jquery-plugin.js:3:10:3:32 | ['jquer ... ry-ui'] | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4831,6 +5412,11 @@ endpoints
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:31:60:38 | defaults | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4851,6 +5437,11 @@ endpoints
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:60:41:60:47 | options | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4871,6 +5462,11 @@ endpoints
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeHtmlConstruction/main.js:61:22:63:5 | functio ... K\\n    } | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeHtmlConstruction/main.js:62:11:62:40 | "<b>" + ...  "</b>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -4939,6 +5535,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:18:6:18:11 | target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:22:6:22:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5019,6 +5620,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:33:67:34 | {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5039,6 +5645,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:67:37:67:43 | options | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5079,6 +5690,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:81:5:81:24 | "#" + options.target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5099,6 +5715,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:22:86:23 | {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5119,6 +5740,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:86:26:86:26 | o | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5139,6 +5765,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | notASinkReason | LoggerMethod | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | XssThroughDom | notASinkReason | LoggerMethod | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:89:16:89:16 | t | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:90:6:90:6 | t | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5163,6 +5794,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | notASinkReason | MembershipCandidateTest | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | XssThroughDom | notASinkReason | MembershipCandidateTest | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:97:16:97:21 | target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:98:6:98:11 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5187,6 +5823,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5207,6 +5848,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:105:6:105:12 | options | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:106:5:106:16 | options.menu | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5235,6 +5881,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:22:115:23 | {} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5255,6 +5906,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:26:115:48 | $.fn.my ... efaults | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5275,6 +5931,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:115:51:115:57 | options | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:116:5:116:16 | options.menu | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5307,6 +5968,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:11:125:14 | $.fn | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5327,6 +5993,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:125:17:129:2 | {\\n\\t\\tmy_ ... \\n\\t\\t}\\n\\t} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:127:6:127:19 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5383,6 +6054,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:155:59:155:64 | target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:41:156:54 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5411,6 +6087,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:156:75:156:88 | options.target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5439,6 +6120,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:157:80:157:95 | options.target.a | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:161:5:161:30 | anyPref ... .target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5483,6 +6169,11 @@ endpoints
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/UnsafeJQueryPlugin/unsafe-jquery-plugin.js:182:20:182:33 | options.target | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/XssThroughDom/forms.js:9:31:9:40 | values.foo | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5567,6 +6258,11 @@ endpoints
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:7:40:7:53 | {"foo": "bar"} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:8:16:8:53 | $(".som ... arget") | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5615,6 +6311,11 @@ endpoints
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:40:16:40:16 | x | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:47:3:47:40 | $("<p>" ... .text() | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5707,6 +6408,11 @@ endpoints
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | notASinkReason | JQueryArgument | string |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | Xss | sinkLabel | NotASink | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | XssThroughDom | hasFlowFromSource | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | XssThroughDom | isConstantExpression | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | XssThroughDom | notASinkReason | JQueryArgument | string |
+| autogenerated/Xss/XssThroughDom/xss-through-dom.js:89:23:91:2 | functio ... / OK\\n\\t} | XssThroughDom | sinkLabel | NotASink | string |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | Xss | isConstantExpression | false | boolean |
 | autogenerated/Xss/XssThroughDom/xss-through-dom.js:90:22:90:124 | "<a hre ... on</a>" | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5735,6 +6441,11 @@ endpoints
 | index.js:21:9:21:9 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:21:9:21:9 | x | Xss | notASinkReason | LodashUnderscoreArgument | string |
 | index.js:21:9:21:9 | x | Xss | sinkLabel | NotASink | string |
+| index.js:21:9:21:9 | x | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:21:9:21:9 | x | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:21:9:21:9 | x | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:21:9:21:9 | x | XssThroughDom | notASinkReason | LodashUnderscoreArgument | string |
+| index.js:21:9:21:9 | x | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:29:13:29:31 | { 'isAdmin': true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5759,6 +6470,11 @@ endpoints
 | index.js:30:11:38:5 | functio ... }\\n    } | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:30:11:38:5 | functio ... }\\n    } | Xss | notASinkReason | DatabaseAccess | string |
 | index.js:30:11:38:5 | functio ... }\\n    } | Xss | sinkLabel | NotASink | string |
+| index.js:30:11:38:5 | functio ... }\\n    } | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:30:11:38:5 | functio ... }\\n    } | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:30:11:38:5 | functio ... }\\n    } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:30:11:38:5 | functio ... }\\n    } | XssThroughDom | notASinkReason | DatabaseAccess | string |
+| index.js:30:11:38:5 | functio ... }\\n    } | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:36:21:36:33 | adminUsers[i] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5779,6 +6495,11 @@ endpoints
 | index.js:36:21:36:33 | adminUsers[i] | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:36:21:36:33 | adminUsers[i] | Xss | notASinkReason | LoggerMethod | string |
 | index.js:36:21:36:33 | adminUsers[i] | Xss | sinkLabel | NotASink | string |
+| index.js:36:21:36:33 | adminUsers[i] | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:36:21:36:33 | adminUsers[i] | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:36:21:36:33 | adminUsers[i] | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:36:21:36:33 | adminUsers[i] | XssThroughDom | notASinkReason | LoggerMethod | string |
+| index.js:36:21:36:33 | adminUsers[i] | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:46:35:46:69 | c > 100 ... ENERAL' | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5799,6 +6520,11 @@ endpoints
 | index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | notASinkReason | LoggerMethod | string |
 | index.js:46:35:46:69 | c > 100 ... ENERAL' | Xss | sinkLabel | NotASink | string |
+| index.js:46:35:46:69 | c > 100 ... ENERAL' | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:46:35:46:69 | c > 100 ... ENERAL' | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:46:35:46:69 | c > 100 ... ENERAL' | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:46:35:46:69 | c > 100 ... ENERAL' | XssThroughDom | notASinkReason | LoggerMethod | string |
+| index.js:46:35:46:69 | c > 100 ... ENERAL' | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:46:72:46:72 | x | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:46:72:46:72 | x | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:46:72:46:72 | x | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5819,6 +6545,11 @@ endpoints
 | index.js:46:72:46:72 | x | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:46:72:46:72 | x | Xss | notASinkReason | LoggerMethod | string |
 | index.js:46:72:46:72 | x | Xss | sinkLabel | NotASink | string |
+| index.js:46:72:46:72 | x | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:46:72:46:72 | x | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:46:72:46:72 | x | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:46:72:46:72 | x | XssThroughDom | notASinkReason | LoggerMethod | string |
+| index.js:46:72:46:72 | x | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:46:75:46:75 | o | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:46:75:46:75 | o | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:46:75:46:75 | o | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5839,6 +6570,11 @@ endpoints
 | index.js:46:75:46:75 | o | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:46:75:46:75 | o | Xss | notASinkReason | LoggerMethod | string |
 | index.js:46:75:46:75 | o | Xss | sinkLabel | NotASink | string |
+| index.js:46:75:46:75 | o | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:46:75:46:75 | o | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:46:75:46:75 | o | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:46:75:46:75 | o | XssThroughDom | notASinkReason | LoggerMethod | string |
+| index.js:46:75:46:75 | o | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:50:15:50:19 | ready | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:50:15:50:19 | ready | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:50:15:50:19 | ready | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -5859,6 +6595,11 @@ endpoints
 | index.js:50:15:50:19 | ready | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:50:15:50:19 | ready | Xss | notASinkReason | Timeout | string |
 | index.js:50:15:50:19 | ready | Xss | sinkLabel | NotASink | string |
+| index.js:50:15:50:19 | ready | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:50:15:50:19 | ready | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:50:15:50:19 | ready | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:50:15:50:19 | ready | XssThroughDom | notASinkReason | Timeout | string |
+| index.js:50:15:50:19 | ready | XssThroughDom | sinkLabel | NotASink | string |
 tokenFeatures
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | CalleeFlexibleAccessPath | doc.find |
 | autogenerated/NosqlAndSqlInjection/untyped/json-schema-validator.js:27:22:27:26 | query | InputAccessPathFromCallee |  |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.expected
index cb29a7ee955..f2e04cfa063 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/FilteredTruePositives.expected
@@ -14,3 +14,11 @@ xssFilteredTruePositives
 | autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | not a direct argument to a likely external library call or a heuristic sink (xss) |
 | autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | not a direct argument to a likely external library call or a heuristic sink (xss) |
+xssThroughDomFilteredTruePositives
+| autogenerated/Xss/DomBasedXss/d3.js:12:20:12:29 | getTaint() | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/d3.js:14:20:14:29 | getTaint() | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/express.js:7:15:7:33 | req.param("wobble") | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/jwt-server.js:11:19:11:29 | decoded.foo | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/tst.js:316:35:316:42 | location | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/typeahead.js:10:16:10:18 | loc | not a direct argument to a likely external library call or a heuristic sink (xss) |
+| autogenerated/Xss/DomBasedXss/typeahead.js:25:18:25:20 | val | not a direct argument to a likely external library call or a heuristic sink (xss) |
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataTraining.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataTraining.expected
index bbdd33e8965..55423976708 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataTraining.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_unit_tests/ExtractEndpointDataTraining.expected
@@ -23,6 +23,11 @@ endpoints
 | index.js:15:17:15:32 | req.body.isAdmin | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:15:17:15:32 | req.body.isAdmin | Xss | notASinkReason | LoggerMethod | string |
 | index.js:15:17:15:32 | req.body.isAdmin | Xss | sinkLabel | NotASink | string |
+| index.js:15:17:15:32 | req.body.isAdmin | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:15:17:15:32 | req.body.isAdmin | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:15:17:15:32 | req.body.isAdmin | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:15:17:15:32 | req.body.isAdmin | XssThroughDom | notASinkReason | LoggerMethod | string |
+| index.js:15:17:15:32 | req.body.isAdmin | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:20:13:20:31 | { 'isAdmin': true } | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -55,6 +60,12 @@ endpoints
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | notASinkReason | ClientRequest | string |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | notASinkReason | JQueryArgument | string |
 | index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | Xss | sinkLabel | NotASink | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | XssThroughDom | notASinkReason | ClientRequest | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | XssThroughDom | notASinkReason | JQueryArgument | string |
+| index.js:83:10:85:3 | {\\n    " ... ar,\\n  } | XssThroughDom | sinkLabel | NotASink | string |
 | index.js:84:12:84:18 | foo.bar | NosqlInjection | hasFlowFromSource | false | boolean |
 | index.js:84:12:84:18 | foo.bar | NosqlInjection | isConstantExpression | false | boolean |
 | index.js:84:12:84:18 | foo.bar | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
@@ -75,6 +86,11 @@ endpoints
 | index.js:84:12:84:18 | foo.bar | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | index.js:84:12:84:18 | foo.bar | Xss | notASinkReason | ClientRequest | string |
 | index.js:84:12:84:18 | foo.bar | Xss | sinkLabel | NotASink | string |
+| index.js:84:12:84:18 | foo.bar | XssThroughDom | hasFlowFromSource | false | boolean |
+| index.js:84:12:84:18 | foo.bar | XssThroughDom | isConstantExpression | false | boolean |
+| index.js:84:12:84:18 | foo.bar | XssThroughDom | isExcludedFromEndToEndEvaluation | false | boolean |
+| index.js:84:12:84:18 | foo.bar | XssThroughDom | notASinkReason | ClientRequest | string |
+| index.js:84:12:84:18 | foo.bar | XssThroughDom | sinkLabel | NotASink | string |
 tokenFeatures
 | index.js:9:15:9:45 | { 'isAd ... Admin } | CalleeFlexibleAccessPath | User.find |
 | index.js:9:15:9:45 | { 'isAd ... Admin } | InputAccessPathFromCallee |  |

From ae0d82efd881d2a835eb094af79c5b43d62901dd Mon Sep 17 00:00:00 2001
From: Jean Helie <jhelie@github.com>
Date: Thu, 1 Dec 2022 18:22:33 +0100
Subject: [PATCH 4/6] ATM: update predicate name

---
 .../experimental/adaptivethreatmodeling/src/XssThroughDomATM.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/XssThroughDomATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/XssThroughDomATM.ql
index 60df6941400..494b308893f 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/src/XssThroughDomATM.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/src/XssThroughDomATM.ql
@@ -19,7 +19,7 @@ import DataFlow::PathGraph
 import experimental.adaptivethreatmodeling.XssThroughDomATM
 
 from AtmConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink, float score
-where cfg.getAlerts(source, sink, score)
+where cfg.hasBoostedFlowPath(source, sink, score)
 select sink.getNode(), source, sink,
   "(Experimental) $@ may be reinterpreted as HTML without escaping meta-characters. Identified using machine learning.",
   source.getNode(), "DOM text", score

From 98923cee94ebcfc0a9560456a3d2b829f8a7a6c7 Mon Sep 17 00:00:00 2001
From: Jean Helie <jhelie@github.com>
Date: Thu, 1 Dec 2022 18:47:36 +0100
Subject: [PATCH 5/6] ATM: update missing .qll

---
 .../modelbuilding/extraction/ExtractEndpointDataTraining.qll   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataTraining.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataTraining.qll
index 99cba794cfa..763c74c7cf3 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataTraining.qll
+++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/ExtractEndpointDataTraining.qll
@@ -14,6 +14,7 @@ private import experimental.adaptivethreatmodeling.NosqlInjectionATM as NosqlInj
 private import experimental.adaptivethreatmodeling.SqlInjectionATM as SqlInjectionAtm
 private import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPathAtm
 private import experimental.adaptivethreatmodeling.XssATM as XssAtm
+private import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
 
 /**
  * Gets the set of featureName-featureValue pairs for each endpoint in the training set.
@@ -214,6 +215,8 @@ DataFlow::Configuration getDataFlowCfg(Query query) {
   query instanceof TaintedPathQuery and result instanceof TaintedPathAtm::TaintedPathAtmConfig
   or
   query instanceof XssQuery and result instanceof XssAtm::DomBasedXssAtmConfig
+  or
+  query instanceof XssThroughDomQuery and result instanceof XssThroughDomAtm::XssThroughDomAtmConfig
 }
 
 // TODO: Delete this once we are no longer surfacing `hasFlowFromSource`.

From 352d1a7e8cb5c043e75fb0a87f79d124d22f9d45 Mon Sep 17 00:00:00 2001
From: Jean Helie <jhelie@github.com>
Date: Thu, 1 Dec 2022 19:01:30 +0100
Subject: [PATCH 6/6] ATM: update tests

---
 .../ExtractEndpointDataTraining.expected         | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected
index 378827bd6d4..18822ab887b 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected
+++ b/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ExtractEndpointDataTraining.expected
@@ -1028,34 +1028,34 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:15:20:15:35 | ["key", "value"] | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:18:16:18:18 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:19:43:19:45 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:25:14:25:16 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | NosqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | SqlInjection | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | notASinkReason | DatabaseAccess | string |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | TaintedPath | sinkLabel | NotASink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:26:14:26:16 | key | Xss | notASinkReason | DatabaseAccess | string |
@@ -1119,7 +1119,7 @@ endpoints
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:30:23:30:25 | key | NosqlInjection | sinkLabel | Sink | string |
-| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | hasFlowFromSource | true | boolean |
+| autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | hasFlowFromSource | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | isConstantExpression | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | isExcludedFromEndToEndEvaluation | false | boolean |
 | autogenerated/NosqlAndSqlInjection/untyped/redis.js:32:28:32:30 | key | NosqlInjection | sinkLabel | Sink | string |