hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
45c8ec96df5b16e7d33a7f87d0b034efe3a88916
codeql/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected

1337 lines
116 KiB
Plaintext
Raw Blame History

nodes
| addEventListener.js:1:43:1:47 | event | semmle.label | event |
| addEventListener.js:2:20:2:24 | event | semmle.label | event |
| addEventListener.js:2:20:2:29 | event.data | semmle.label | event.data |
| addEventListener.js:5:43:5:48 | data | semmle.label | data |
| addEventListener.js:5:43:5:48 | {data} | semmle.label | {data} |
| addEventListener.js:6:20:6:23 | data | semmle.label | data |
| addEventListener.js:10:21:10:25 | event | semmle.label | event |
| addEventListener.js:12:24:12:28 | event | semmle.label | event |
| addEventListener.js:12:24:12:33 | event.data | semmle.label | event.data |
| angular2-client.ts:24:44:24:71 | \\u0275getDOM ... ().href | semmle.label | \\u0275getDOM ... ().href |
| angular2-client.ts:26:44:26:69 | this.ro ... .params | semmle.label | this.ro ... .params |
| angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | semmle.label | this.ro ... ams.foo |
| angular2-client.ts:27:44:27:74 | this.ro ... yParams | semmle.label | this.ro ... yParams |
| angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | semmle.label | this.ro ... ams.foo |
| angular2-client.ts:28:44:28:71 | this.ro ... ragment | semmle.label | this.ro ... ragment |
| angular2-client.ts:29:44:29:82 | this.ro ... ('foo') | semmle.label | this.ro ... ('foo') |
| angular2-client.ts:30:44:30:87 | this.ro ... ('foo') | semmle.label | this.ro ... ('foo') |
| angular2-client.ts:32:46:32:59 | map.get('foo') | semmle.label | map.get('foo') |
| angular2-client.ts:35:44:35:74 | this.ro ... 1].path | semmle.label | this.ro ... 1].path |
| angular2-client.ts:36:44:36:80 | this.ro ... ameters | semmle.label | this.ro ... ameters |
| angular2-client.ts:36:44:36:82 | this.ro ... eters.x | semmle.label | this.ro ... eters.x |
| angular2-client.ts:37:44:37:91 | this.ro ... et('x') | semmle.label | this.ro ... et('x') |
| angular2-client.ts:38:44:38:89 | this.ro ... .params | semmle.label | this.ro ... .params |
| angular2-client.ts:38:44:38:91 | this.ro ... arams.x | semmle.label | this.ro ... arams.x |
| angular2-client.ts:40:44:40:58 | this.router.url | semmle.label | this.router.url |
| angular2-client.ts:42:45:42:59 | this.router.url | semmle.label | this.router.url |
| angular2-client.ts:43:75:43:105 | this.ro ... yParams | semmle.label | this.ro ... yParams |
| angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | semmle.label | this.ro ... ams.foo |
| angular2-client.ts:47:44:47:76 | routeSn ... ('foo') | semmle.label | routeSn ... ('foo') |
| angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | semmle.label | Cookie.get("unsafe") |
| angular-tempate-url.js:13:30:13:31 | ev | semmle.label | ev |
| angular-tempate-url.js:14:26:14:27 | ev | semmle.label | ev |
| angular-tempate-url.js:14:26:14:32 | ev.data | semmle.label | ev.data |
| classnames.js:7:31:7:84 | `<span ... <span>` | semmle.label | `<span ... <span>` |
| classnames.js:7:47:7:69 | classNa ... w.name) | semmle.label | classNa ... w.name) |
| classnames.js:7:58:7:68 | window.name | semmle.label | window.name |
| classnames.js:8:31:8:85 | `<span ... <span>` | semmle.label | `<span ... <span>` |
| classnames.js:8:47:8:70 | classNa ... w.name) | semmle.label | classNa ... w.name) |
| classnames.js:8:59:8:69 | window.name | semmle.label | window.name |
| classnames.js:9:31:9:85 | `<span ... <span>` | semmle.label | `<span ... <span>` |
| classnames.js:9:47:9:70 | classNa ... w.name) | semmle.label | classNa ... w.name) |
| classnames.js:9:59:9:69 | window.name | semmle.label | window.name |
| classnames.js:10:45:10:55 | window.name | semmle.label | window.name |
| classnames.js:11:31:11:79 | `<span ... <span>` | semmle.label | `<span ... <span>` |
| classnames.js:11:47:11:64 | unsafeStyle('foo') | semmle.label | unsafeStyle('foo') |
| classnames.js:13:31:13:83 | `<span ... <span>` | semmle.label | `<span ... <span>` |
| classnames.js:13:47:13:68 | safeSty ... w.name) | semmle.label | safeSty ... w.name) |
| classnames.js:13:57:13:67 | window.name | semmle.label | window.name |
| classnames.js:15:31:15:78 | `<span ... <span>` | semmle.label | `<span ... <span>` |
| classnames.js:15:47:15:63 | clsx(window.name) | semmle.label | clsx(window.name) |
| classnames.js:15:52:15:62 | window.name | semmle.label | window.name |
| classnames.js:17:32:17:79 | `<span ... <span>` | semmle.label | `<span ... <span>` |
| classnames.js:17:48:17:64 | clsx(window.name) | semmle.label | clsx(window.name) |
| classnames.js:17:53:17:63 | window.name | semmle.label | window.name |
| clipboard.ts:8:11:8:51 | html | semmle.label | html |
| clipboard.ts:8:18:8:51 | clipboa ... /html') | semmle.label | clipboa ... /html') |
| clipboard.ts:15:25:15:28 | html | semmle.label | html |
| clipboard.ts:24:23:24:58 | e.clipb ... /html') | semmle.label | e.clipb ... /html') |
| clipboard.ts:29:19:29:54 | e.clipb ... /html') | semmle.label | e.clipb ... /html') |
| clipboard.ts:33:19:33:68 | e.origi ... /html') | semmle.label | e.origi ... /html') |
| clipboard.ts:43:15:43:55 | html | semmle.label | html |
| clipboard.ts:43:22:43:55 | clipboa ... /html') | semmle.label | clipboa ... /html') |
| clipboard.ts:50:29:50:32 | html | semmle.label | html |
| clipboard.ts:71:13:71:62 | droppedHtml | semmle.label | droppedHtml |
| clipboard.ts:71:27:71:62 | e.clipb ... /html') | semmle.label | e.clipb ... /html') |
| clipboard.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml |
| clipboard.ts:98:15:98:54 | html | semmle.label | html |
| clipboard.ts:98:22:98:54 | dataTra ... /html') | semmle.label | dataTra ... /html') |
| clipboard.ts:99:23:99:26 | html | semmle.label | html |
| custom-element.js:5:26:5:36 | window.name | semmle.label | window.name |
| d3.js:4:12:4:22 | window.name | semmle.label | window.name |
| d3.js:11:15:11:24 | getTaint() | semmle.label | getTaint() |
| d3.js:12:20:12:29 | getTaint() | semmle.label | getTaint() |
| d3.js:14:20:14:29 | getTaint() | semmle.label | getTaint() |
| d3.js:21:15:21:24 | getTaint() | semmle.label | getTaint() |
| dates.js:9:9:9:69 | taint | semmle.label | taint |
| dates.js:9:17:9:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) |
| dates.js:9:36:9:55 | window.location.hash | semmle.label | window.location.hash |
| dates.js:9:36:9:68 | window. ... ring(1) | semmle.label | window. ... ring(1) |
| dates.js:11:31:11:70 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:11:42:11:68 | dateFns ... taint) | semmle.label | dateFns ... taint) |
| dates.js:11:63:11:67 | taint | semmle.label | taint |
| dates.js:12:31:12:73 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:12:42:12:71 | dateFns ... taint) | semmle.label | dateFns ... taint) |
| dates.js:12:66:12:70 | taint | semmle.label | taint |
| dates.js:13:31:13:72 | `Time i ... time)}` | semmle.label | `Time i ... time)}` |
| dates.js:13:42:13:70 | dateFns ... )(time) | semmle.label | dateFns ... )(time) |
| dates.js:13:59:13:63 | taint | semmle.label | taint |
| dates.js:16:31:16:69 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:16:42:16:67 | moment( ... (taint) | semmle.label | moment( ... (taint) |
| dates.js:16:62:16:66 | taint | semmle.label | taint |
| dates.js:18:31:18:66 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:18:42:18:64 | datefor ... taint) | semmle.label | datefor ... taint) |
| dates.js:18:59:18:63 | taint | semmle.label | taint |
| dates.js:21:31:21:68 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:21:42:21:66 | dayjs(t ... (taint) | semmle.label | dayjs(t ... (taint) |
| dates.js:21:61:21:65 | taint | semmle.label | taint |
| dates.js:30:9:30:69 | taint | semmle.label | taint |
| dates.js:30:17:30:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) |
| dates.js:30:36:30:55 | window.location.hash | semmle.label | window.location.hash |
| dates.js:30:36:30:68 | window. ... ring(1) | semmle.label | window. ... ring(1) |
| dates.js:37:31:37:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:37:42:37:82 | dateFns ... taint) | semmle.label | dateFns ... taint) |
| dates.js:37:77:37:81 | taint | semmle.label | taint |
| dates.js:38:31:38:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:38:42:38:82 | luxon.f ... taint) | semmle.label | luxon.f ... taint) |
| dates.js:38:77:38:81 | taint | semmle.label | taint |
| dates.js:39:31:39:86 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:39:42:39:84 | moment. ... taint) | semmle.label | moment. ... taint) |
| dates.js:39:79:39:83 | taint | semmle.label | taint |
| dates.js:40:31:40:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:40:42:40:82 | dayjs.f ... taint) | semmle.label | dayjs.f ... taint) |
| dates.js:40:77:40:81 | taint | semmle.label | taint |
| dates.js:46:9:46:69 | taint | semmle.label | taint |
| dates.js:46:17:46:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) |
| dates.js:46:36:46:55 | window.location.hash | semmle.label | window.location.hash |
| dates.js:46:36:46:68 | window. ... ring(1) | semmle.label | window. ... ring(1) |
| dates.js:48:31:48:90 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:48:42:48:88 | DateTim ... (taint) | semmle.label | DateTim ... (taint) |
| dates.js:48:83:48:87 | taint | semmle.label | taint |
| dates.js:49:31:49:89 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:49:42:49:87 | new Dat ... (taint) | semmle.label | new Dat ... (taint) |
| dates.js:49:82:49:86 | taint | semmle.label | taint |
| dates.js:50:31:50:104 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:50:42:50:102 | DateTim ... (taint) | semmle.label | DateTim ... (taint) |
| dates.js:50:97:50:101 | taint | semmle.label | taint |
| dates.js:54:9:54:69 | taint | semmle.label | taint |
| dates.js:54:17:54:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) |
| dates.js:54:36:54:55 | window.location.hash | semmle.label | window.location.hash |
| dates.js:54:36:54:68 | window. ... ring(1) | semmle.label | window. ... ring(1) |
| dates.js:57:31:57:101 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:57:42:57:99 | moment. ... (taint) | semmle.label | moment. ... (taint) |
| dates.js:57:94:57:98 | taint | semmle.label | taint |
| dates.js:59:31:59:87 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:59:42:59:85 | luxon.e ... (taint) | semmle.label | luxon.e ... (taint) |
| dates.js:59:80:59:84 | taint | semmle.label | taint |
| dates.js:61:31:61:88 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` |
| dates.js:61:42:61:86 | dayjs.s ... (taint) | semmle.label | dayjs.s ... (taint) |
| dates.js:61:81:61:85 | taint | semmle.label | taint |
| dragAndDrop.ts:8:11:8:50 | html | semmle.label | html |
| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | semmle.label | dataTra ... /html') |
| dragAndDrop.ts:15:25:15:28 | html | semmle.label | html |
| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | semmle.label | e.dataT ... /html') |
| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | semmle.label | e.dataT ... /html') |
| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | semmle.label | e.origi ... /html') |
| dragAndDrop.ts:43:15:43:54 | html | semmle.label | html |
| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | semmle.label | dataTra ... /html') |
| dragAndDrop.ts:50:29:50:32 | html | semmle.label | html |
| dragAndDrop.ts:71:13:71:61 | droppedHtml | semmle.label | droppedHtml |
| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | semmle.label | e.dataT ... /html') |
| dragAndDrop.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml |
| event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | semmle.label | '<h2><a ... ></h2>' |
| event-handler-receiver.js:2:49:2:61 | location.href | semmle.label | location.href |
| express.js:6:15:6:33 | req.param("wobble") | semmle.label | req.param("wobble") |
| hana.js:11:37:11:40 | rows | semmle.label | rows |
| hana.js:11:37:11:51 | rows[0].comment | semmle.label | rows[0].comment |
| hana.js:16:37:16:40 | rows | semmle.label | rows |
| hana.js:16:37:16:51 | rows[0].comment | semmle.label | rows[0].comment |
| hana.js:19:37:19:40 | rows | semmle.label | rows |
| hana.js:19:37:19:51 | rows[0].comment | semmle.label | rows[0].comment |
| hana.js:22:37:22:38 | rs | semmle.label | rs |
| hana.js:22:37:22:49 | rs[0].comment | semmle.label | rs[0].comment |
| hana.js:38:31:38:32 | rs | semmle.label | rs |
| hana.js:38:31:38:43 | rs[0].comment | semmle.label | rs[0].comment |
| hana.js:43:33:43:41 | dummyRows | semmle.label | dummyRows |
| hana.js:43:33:43:52 | dummyRows[0].comment | semmle.label | dummyRows[0].comment |
| hana.js:44:33:44:42 | tablesRows | semmle.label | tablesRows |
| hana.js:44:33:44:53 | tablesR ... comment | semmle.label | tablesR ... comment |
| hana.js:50:33:50:41 | dummyRows | semmle.label | dummyRows |
| hana.js:50:33:50:52 | dummyRows[0].comment | semmle.label | dummyRows[0].comment |
| hana.js:51:33:51:42 | tablesRows | semmle.label | tablesRows |
| hana.js:51:33:51:53 | tablesR ... comment | semmle.label | tablesR ... comment |
| hana.js:70:33:70:36 | rows | semmle.label | rows |
| hana.js:70:33:70:47 | rows[0].comment | semmle.label | rows[0].comment |
| hana.js:73:33:73:36 | rows | semmle.label | rows |
| hana.js:73:33:73:47 | rows[0].comment | semmle.label | rows[0].comment |
| hana.js:84:35:84:43 | dummyRows | semmle.label | dummyRows |
| hana.js:84:35:84:54 | dummyRows[0].comment | semmle.label | dummyRows[0].comment |
| hana.js:85:35:85:43 | tableRows | semmle.label | tableRows |
| hana.js:85:35:85:54 | tableRows[0].comment | semmle.label | tableRows[0].comment |
| hana.js:90:33:90:34 | rs | semmle.label | rs |
| hana.js:90:33:90:45 | rs[0].comment | semmle.label | rs[0].comment |
| jquery.js:2:7:2:40 | tainted | semmle.label | tainted |
| jquery.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search |
| jquery.js:4:5:4:11 | tainted | semmle.label | tainted |
| jquery.js:5:13:5:19 | tainted | semmle.label | tainted |
| jquery.js:6:11:6:17 | tainted | semmle.label | tainted |
| jquery.js:7:5:7:34 | "<div i ... + "\\">" | semmle.label | "<div i ... + "\\">" |
| jquery.js:7:20:7:26 | tainted | semmle.label | tainted |
| jquery.js:8:18:8:34 | "XSS: " + tainted | semmle.label | "XSS: " + tainted |
| jquery.js:8:28:8:34 | tainted | semmle.label | tainted |
| jquery.js:10:5:10:40 | "<b>" + ... "</b>" | semmle.label | "<b>" + ... "</b>" |
| jquery.js:10:13:10:20 | location | semmle.label | location |
| jquery.js:10:13:10:31 | location.toString() | semmle.label | location.toString() |
| jquery.js:14:19:14:58 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) |
| jquery.js:14:38:14:57 | window.location.hash | semmle.label | window.location.hash |
| jquery.js:15:19:15:60 | decodeU ... search) | semmle.label | decodeU ... search) |
| jquery.js:15:38:15:59 | window. ... .search | semmle.label | window. ... .search |
| jquery.js:16:19:16:64 | decodeU ... ring()) | semmle.label | decodeU ... ring()) |
| jquery.js:16:38:16:52 | window.location | semmle.label | window.location |
| jquery.js:16:38:16:63 | window. ... tring() | semmle.label | window. ... tring() |
| jquery.js:18:7:18:33 | hash | semmle.label | hash |
| jquery.js:18:14:18:33 | window.location.hash | semmle.label | window.location.hash |
| jquery.js:21:5:21:8 | hash | semmle.label | hash |
| jquery.js:21:5:21:21 | hash.substring(1) | semmle.label | hash.substring(1) |
| jquery.js:22:5:22:8 | hash | semmle.label | hash |
| jquery.js:22:5:22:25 | hash.su ... (1, 10) | semmle.label | hash.su ... (1, 10) |
| jquery.js:23:5:23:8 | hash | semmle.label | hash |
| jquery.js:23:5:23:18 | hash.substr(1) | semmle.label | hash.substr(1) |
| jquery.js:24:5:24:8 | hash | semmle.label | hash |
| jquery.js:24:5:24:17 | hash.slice(1) | semmle.label | hash.slice(1) |
| jquery.js:27:5:27:8 | hash | semmle.label | hash |
| jquery.js:27:5:27:25 | hash.re ... #', '') | semmle.label | hash.re ... #', '') |
| jquery.js:28:5:28:26 | window. ... .search | semmle.label | window. ... .search |
| jquery.js:28:5:28:43 | window. ... ?', '') | semmle.label | window. ... ?', '') |
| jquery.js:34:5:34:25 | '<b>' + ... '</b>' | semmle.label | '<b>' + ... '</b>' |
| jquery.js:34:13:34:16 | hash | semmle.label | hash |
| jquery.js:36:25:36:31 | tainted | semmle.label | tainted |
| jquery.js:37:25:37:37 | () => tainted | semmle.label | () => tainted |
| jquery.js:37:31:37:37 | tainted | semmle.label | tainted |
| json-stringify.jsx:5:9:5:36 | locale | semmle.label | locale |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | semmle.label | req.param("locale") |
| json-stringify.jsx:11:51:11:56 | locale | semmle.label | locale |
| json-stringify.jsx:19:56:19:61 | locale | semmle.label | locale |
| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | semmle.label | JSON.st ... locale) |
| json-stringify.jsx:31:55:31:60 | locale | semmle.label | locale |
| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | semmle.label | JSON.st ... jsonLD) |
| jwt-server.js:7:9:7:35 | taint | semmle.label | taint |
| jwt-server.js:7:17:7:35 | req.param("wobble") | semmle.label | req.param("wobble") |
| jwt-server.js:9:16:9:20 | taint | semmle.label | taint |
| jwt-server.js:9:55:9:61 | decoded | semmle.label | decoded |
| jwt-server.js:10:19:10:25 | decoded | semmle.label | decoded |
| jwt-server.js:10:19:10:29 | decoded.foo | semmle.label | decoded.foo |
| jwt.js:4:36:4:39 | data | semmle.label | data |
| jwt.js:5:9:5:34 | decoded | semmle.label | decoded |
| jwt.js:5:19:5:34 | jwt_decode(data) | semmle.label | jwt_decode(data) |
| jwt.js:5:30:5:33 | data | semmle.label | data |
| jwt.js:6:14:6:20 | decoded | semmle.label | decoded |
| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | semmle.label | `Hi, yo ... sage}.` |
| nodemailer.js:13:50:13:66 | req.query.message | semmle.label | req.query.message |
| optionalSanitizer.js:2:7:2:39 | target | semmle.label | target |
| optionalSanitizer.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search |
| optionalSanitizer.js:6:18:6:23 | target | semmle.label | target |
| optionalSanitizer.js:8:7:8:22 | tainted | semmle.label | tainted |
| optionalSanitizer.js:8:17:8:22 | target | semmle.label | target |
| optionalSanitizer.js:9:18:9:24 | tainted | semmle.label | tainted |
| optionalSanitizer.js:15:9:15:14 | target | semmle.label | target |
| optionalSanitizer.js:16:18:16:18 | x | semmle.label | x |
| optionalSanitizer.js:17:20:17:20 | x | semmle.label | x |
| optionalSanitizer.js:26:7:26:39 | target | semmle.label | target |
| optionalSanitizer.js:26:16:26:39 | documen ... .search | semmle.label | documen ... .search |
| optionalSanitizer.js:28:24:28:24 | x | semmle.label | x |
| optionalSanitizer.js:29:12:29:12 | x | semmle.label | x |
| optionalSanitizer.js:31:7:31:23 | tainted2 | semmle.label | tainted2 |
| optionalSanitizer.js:31:18:31:23 | target | semmle.label | target |
| optionalSanitizer.js:32:18:32:25 | tainted2 | semmle.label | tainted2 |
| optionalSanitizer.js:34:5:34:36 | tainted2 | semmle.label | tainted2 |
| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | semmle.label | sanitiz ... inted2) |
| optionalSanitizer.js:34:28:34:35 | tainted2 | semmle.label | tainted2 |
| optionalSanitizer.js:36:18:36:25 | tainted2 | semmle.label | tainted2 |
| optionalSanitizer.js:38:7:38:23 | tainted3 | semmle.label | tainted3 |
| optionalSanitizer.js:38:18:38:23 | target | semmle.label | target |
| optionalSanitizer.js:39:18:39:25 | tainted3 | semmle.label | tainted3 |
| optionalSanitizer.js:41:5:41:36 | tainted3 | semmle.label | tainted3 |
| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | semmle.label | sanitiz ... inted3) |
| optionalSanitizer.js:41:28:41:35 | tainted3 | semmle.label | tainted3 |
| optionalSanitizer.js:43:18:43:25 | tainted3 | semmle.label | tainted3 |
| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | semmle.label | sanitiz ... target |
| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | semmle.label | sanitizeBad(target) |
| optionalSanitizer.js:45:41:45:46 | target | semmle.label | target |
| optionalSanitizer.js:45:51:45:56 | target | semmle.label | target |
| pages/[id].jsx:3:30:3:35 | params [id] | semmle.label | params [id] |
| pages/[id].jsx:3:30:3:35 | params [q] | semmle.label | params [q] |
| pages/[id].jsx:5:9:5:14 | { id } | semmle.label | { id } |
| pages/[id].jsx:5:9:5:29 | id | semmle.label | id |
| pages/[id].jsx:5:18:5:29 | router.query | semmle.label | router.query |
| pages/[id].jsx:10:44:10:45 | id | semmle.label | id |
| pages/[id].jsx:13:44:13:49 | params [id] | semmle.label | params [id] |
| pages/[id].jsx:13:44:13:52 | params.id | semmle.label | params.id |
| pages/[id].jsx:16:44:16:49 | params [q] | semmle.label | params [q] |
| pages/[id].jsx:16:44:16:51 | params.q | semmle.label | params.q |
| pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [id] | semmle.label | {\\n ... e\\n } [id] |
| pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [q] | semmle.label | {\\n ... e\\n } [q] |
| pages/[id].jsx:25:11:25:24 | context.params | semmle.label | context.params |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | semmle.label | context ... d \|\| "" |
| pages/[id].jsx:26:10:26:22 | context.query | semmle.label | context.query |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | semmle.label | context ... r \|\| "" |
| react-native.js:7:7:7:33 | tainted | semmle.label | tainted |
| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") |
| react-native.js:8:18:8:24 | tainted | semmle.label | tainted |
| react-native.js:9:27:9:33 | tainted | semmle.label | tainted |
| react-use-context.js:10:22:10:32 | window.name | semmle.label | window.name |
| react-use-context.js:16:26:16:36 | window.name | semmle.label | window.name |
| react-use-router.js:8:21:8:32 | router.query | semmle.label | router.query |
| react-use-router.js:8:21:8:39 | router.query.foobar | semmle.label | router.query.foobar |
| react-use-router.js:11:24:11:35 | router.query | semmle.label | router.query |
| react-use-router.js:11:24:11:42 | router.query.foobar | semmle.label | router.query.foobar |
| react-use-router.js:23:43:23:54 | router.query | semmle.label | router.query |
| react-use-router.js:23:43:23:61 | router.query.foobar | semmle.label | router.query.foobar |
| react-use-router.js:33:21:33:32 | router.query | semmle.label | router.query |
| react-use-router.js:33:21:33:39 | router.query.foobar | semmle.label | router.query.foobar |
| react-use-state.js:4:9:4:49 | state | semmle.label | state |
| react-use-state.js:4:38:4:48 | window.name | semmle.label | window.name |
| react-use-state.js:5:51:5:55 | state | semmle.label | state |
| react-use-state.js:9:9:9:43 | state | semmle.label | state |
| react-use-state.js:10:14:10:24 | window.name | semmle.label | window.name |
| react-use-state.js:11:51:11:55 | state | semmle.label | state |
| react-use-state.js:15:9:15:43 | state | semmle.label | state |
| react-use-state.js:15:10:15:14 | state | semmle.label | state |
| react-use-state.js:16:20:16:30 | window.name | semmle.label | window.name |
| react-use-state.js:17:51:17:55 | state | semmle.label | state |
| react-use-state.js:21:10:21:14 | state | semmle.label | state |
| react-use-state.js:22:14:22:17 | prev | semmle.label | prev |
| react-use-state.js:23:35:23:38 | prev | semmle.label | prev |
| react-use-state.js:25:20:25:30 | window.name | semmle.label | window.name |
| sanitiser.js:16:7:16:27 | tainted | semmle.label | tainted |
| sanitiser.js:16:17:16:27 | window.name | semmle.label | window.name |
| sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' | semmle.label | '<b>' + ... '</b>' |
| sanitiser.js:23:29:23:35 | tainted | semmle.label | tainted |
| sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' | semmle.label | '<b>' + ... '</b>' |
| sanitiser.js:30:29:30:35 | tainted | semmle.label | tainted |
| sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' | semmle.label | '<b>' + ... '</b>' |
| sanitiser.js:33:29:33:35 | tainted | semmle.label | tainted |
| sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' | semmle.label | '<b>' + ... '</b>' |
| sanitiser.js:38:29:38:35 | tainted | semmle.label | tainted |
| sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' | semmle.label | '<b>' + ... '</b>' |
| sanitiser.js:45:29:45:35 | tainted | semmle.label | tainted |
| sanitiser.js:48:19:48:25 | tainted | semmle.label | tainted |
| sanitiser.js:48:19:48:46 | tainted ... /g, '') | semmle.label | tainted ... /g, '') |
| stored-xss.js:2:39:2:62 | documen ... .search | semmle.label | documen ... .search |
| stored-xss.js:3:35:3:58 | documen ... .search | semmle.label | documen ... .search |
| stored-xss.js:5:20:5:52 | session ... ssion') | semmle.label | session ... ssion') |
| stored-xss.js:8:20:8:48 | localSt ... local') | semmle.label | localSt ... local') |
| stored-xss.js:10:9:10:44 | href | semmle.label | href |
| stored-xss.js:10:16:10:44 | localSt ... local') | semmle.label | localSt ... local') |
| stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | semmle.label | "<a hre ... ar</a>" |
| stored-xss.js:12:35:12:38 | href | semmle.label | href |
| string-manipulations.js:3:16:3:32 | document.location | semmle.label | document.location |
| string-manipulations.js:4:16:4:37 | documen ... on.href | semmle.label | documen ... on.href |
| string-manipulations.js:5:16:5:37 | documen ... on.href | semmle.label | documen ... on.href |
| string-manipulations.js:5:16:5:47 | documen ... lueOf() | semmle.label | documen ... lueOf() |
| string-manipulations.js:6:16:6:37 | documen ... on.href | semmle.label | documen ... on.href |
| string-manipulations.js:6:16:6:43 | documen ... f.sup() | semmle.label | documen ... f.sup() |
| string-manipulations.js:7:16:7:37 | documen ... on.href | semmle.label | documen ... on.href |
| string-manipulations.js:7:16:7:51 | documen ... rCase() | semmle.label | documen ... rCase() |
| string-manipulations.js:8:16:8:37 | documen ... on.href | semmle.label | documen ... on.href |
| string-manipulations.js:8:16:8:48 | documen ... mLeft() | semmle.label | documen ... mLeft() |
| string-manipulations.js:9:16:9:58 | String. ... n.href) | semmle.label | String. ... n.href) |
| string-manipulations.js:9:36:9:57 | documen ... on.href | semmle.label | documen ... on.href |
| string-manipulations.js:10:16:10:45 | String( ... n.href) | semmle.label | String( ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href | semmle.label | documen ... on.href |
| tainted-url-suffix-arguments.js:3:17:3:17 | y | semmle.label | y |
| tainted-url-suffix-arguments.js:6:22:6:22 | y | semmle.label | y |
| tainted-url-suffix-arguments.js:11:11:11:36 | url | semmle.label | url |
| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | semmle.label | window.location.href |
| tainted-url-suffix-arguments.js:12:17:12:19 | url | semmle.label | url |
| tooltip.jsx:6:11:6:30 | source | semmle.label | source |
| tooltip.jsx:6:20:6:30 | window.name | semmle.label | window.name |
| tooltip.jsx:10:25:10:30 | source | semmle.label | source |
| tooltip.jsx:11:25:11:30 | source | semmle.label | source |
| tooltip.jsx:17:11:17:33 | provide [source] | semmle.label | provide [source] |
| tooltip.jsx:17:21:17:33 | props.provide [source] | semmle.label | props.provide [source] |
| tooltip.jsx:18:51:18:57 | provide [source] | semmle.label | provide [source] |
| tooltip.jsx:18:51:18:59 | provide() | semmle.label | provide() |
| tooltip.jsx:22:11:22:30 | source | semmle.label | source |
| tooltip.jsx:22:20:22:30 | window.name | semmle.label | window.name |
| tooltip.jsx:23:38:23:43 | source | semmle.label | source |
| translate.js:6:7:6:39 | target | semmle.label | target |
| translate.js:6:16:6:39 | documen ... .search | semmle.label | documen ... .search |
| translate.js:7:7:7:61 | searchParams | semmle.label | searchParams |
| translate.js:7:7:7:61 | searchParams [MapValue] | semmle.label | searchParams [MapValue] |
| translate.js:7:22:7:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) |
| translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | semmle.label | new URL ... ing(1)) [MapValue] |
| translate.js:7:42:7:47 | target | semmle.label | target |
| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) |
| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) |
| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) |
| translate.js:8:27:8:38 | searchParams | semmle.label | searchParams |
| translate.js:8:27:8:38 | searchParams [MapValue] | semmle.label | searchParams [MapValue] |
| translate.js:8:27:8:50 | searchP ... 'term') | semmle.label | searchP ... 'term') |
| trusted-types-lib.js:1:28:1:28 | x | semmle.label | x |
| trusted-types-lib.js:2:12:2:12 | x | semmle.label | x |
| trusted-types.js:3:62:3:62 | x | semmle.label | x |
| trusted-types.js:3:67:3:67 | x | semmle.label | x |
| trusted-types.js:4:20:4:30 | window.name | semmle.label | window.name |
| trusted-types.js:13:20:13:30 | window.name | semmle.label | window.name |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | semmle.label | JSON.pa ... tr(1))) |
| tst3.js:2:23:2:74 | decodeU ... str(1)) | semmle.label | decodeU ... str(1)) |
| tst3.js:2:42:2:63 | window. ... .search | semmle.label | window. ... .search |
| tst3.js:2:42:2:73 | window. ... bstr(1) | semmle.label | window. ... bstr(1) |
| tst3.js:4:25:4:28 | data | semmle.label | data |
| tst3.js:4:25:4:32 | data.src | semmle.label | data.src |
| tst3.js:5:26:5:29 | data | semmle.label | data |
| tst3.js:5:26:5:31 | data.p | semmle.label | data.p |
| tst3.js:7:32:7:35 | data | semmle.label | data |
| tst3.js:7:32:7:37 | data.p | semmle.label | data.p |
| tst3.js:9:37:9:40 | data | semmle.label | data |
| tst3.js:9:37:9:42 | data.p | semmle.label | data.p |
| tst3.js:10:38:10:41 | data | semmle.label | data |
| tst3.js:10:38:10:43 | data.p | semmle.label | data.p |
| tst.js:2:7:2:39 | target | semmle.label | target |
| tst.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search |
| tst.js:4:18:4:23 | target | semmle.label | target |
| tst.js:6:18:6:126 | "<OPTIO ... PTION>" | semmle.label | "<OPTIO ... PTION>" |
| tst.js:6:37:6:58 | documen ... on.href | semmle.label | documen ... on.href |
| tst.js:6:37:6:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) |
| tst.js:6:37:6:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) |
| tst.js:9:5:9:42 | '<div s ... 'px">' | semmle.label | '<div s ... 'px">' |
| tst.js:9:28:9:33 | target | semmle.label | target |
| tst.js:14:7:14:56 | params | semmle.label | params |
| tst.js:14:7:14:56 | params [MapValue] | semmle.label | params [MapValue] |
| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams, MapValue] | semmle.label | (new UR ... ation)) [searchParams, MapValue] |
| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams] | semmle.label | (new UR ... ation)) [searchParams] |
| tst.js:14:16:14:56 | (new UR ... hParams | semmle.label | (new UR ... hParams |
| tst.js:14:16:14:56 | (new UR ... hParams [MapValue] | semmle.label | (new UR ... hParams [MapValue] |
| tst.js:14:17:14:42 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] |
| tst.js:14:17:14:42 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] |
| tst.js:14:25:14:41 | document.location | semmle.label | document.location |
| tst.js:15:18:15:23 | params | semmle.label | params |
| tst.js:15:18:15:23 | params [MapValue] | semmle.label | params [MapValue] |
| tst.js:15:18:15:35 | params.get('name') | semmle.label | params.get('name') |
| tst.js:17:7:17:61 | searchParams | semmle.label | searchParams |
| tst.js:17:7:17:61 | searchParams [MapValue] | semmle.label | searchParams [MapValue] |
| tst.js:17:22:17:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) |
| tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | semmle.label | new URL ... ing(1)) [MapValue] |
| tst.js:17:42:17:47 | target | semmle.label | target |
| tst.js:17:42:17:60 | target.substring(1) | semmle.label | target.substring(1) |
| tst.js:17:42:17:60 | target.substring(1) | semmle.label | target.substring(1) |
| tst.js:17:42:17:60 | target.substring(1) | semmle.label | target.substring(1) |
| tst.js:18:18:18:29 | searchParams | semmle.label | searchParams |
| tst.js:18:18:18:29 | searchParams [MapValue] | semmle.label | searchParams [MapValue] |
| tst.js:18:18:18:41 | searchP ... 'name') | semmle.label | searchP ... 'name') |
| tst.js:21:14:21:19 | target | semmle.label | target |
| tst.js:22:18:22:23 | target | semmle.label | target |
| tst.js:24:5:24:28 | documen ... .search | semmle.label | documen ... .search |
| tst.js:27:10:27:33 | documen ... .search | semmle.label | documen ... .search |
| tst.js:29:16:29:20 | bar() | semmle.label | bar() |
| tst.js:31:14:31:14 | x | semmle.label | x |
| tst.js:32:10:32:10 | x | semmle.label | x |
| tst.js:34:16:34:44 | baz(doc ... search) | semmle.label | baz(doc ... search) |
| tst.js:34:20:34:43 | documen ... .search | semmle.label | documen ... .search |
| tst.js:36:15:36:15 | s | semmle.label | s |
| tst.js:36:15:36:15 | s | semmle.label | s |
| tst.js:37:10:37:31 | "<div>" ... </div>" | semmle.label | "<div>" ... </div>" |
| tst.js:37:20:37:20 | s | semmle.label | s |
| tst.js:37:20:37:20 | s | semmle.label | s |
| tst.js:39:16:39:45 | wrap(do ... search) | semmle.label | wrap(do ... search) |
| tst.js:39:21:39:44 | documen ... .search | semmle.label | documen ... .search |
| tst.js:41:15:41:15 | s | semmle.label | s |
| tst.js:43:12:43:12 | s | semmle.label | s |
| tst.js:43:12:43:22 | s.substr(1) | semmle.label | s.substr(1) |
| tst.js:43:12:43:22 | s.substr(1) | semmle.label | s.substr(1) |
| tst.js:43:12:43:22 | s.substr(1) | semmle.label | s.substr(1) |
| tst.js:46:16:46:45 | chop(do ... search) | semmle.label | chop(do ... search) |
| tst.js:46:21:46:44 | documen ... .search | semmle.label | documen ... .search |
| tst.js:47:16:47:45 | chop(do ... search) | semmle.label | chop(do ... search) |
| tst.js:47:21:47:44 | documen ... .search | semmle.label | documen ... .search |
| tst.js:48:16:48:32 | wrap(chop(bar())) | semmle.label | wrap(chop(bar())) |
| tst.js:48:21:48:31 | chop(bar()) | semmle.label | chop(bar()) |
| tst.js:48:21:48:31 | chop(bar()) | semmle.label | chop(bar()) |
| tst.js:48:26:48:30 | bar() | semmle.label | bar() |
| tst.js:50:34:50:34 | s | semmle.label | s |
| tst.js:51:18:51:18 | s | semmle.label | s |
| tst.js:53:25:53:48 | documen ... .search | semmle.label | documen ... .search |
| tst.js:54:25:54:48 | documen ... .search | semmle.label | documen ... .search |
| tst.js:56:16:56:20 | bar() | semmle.label | bar() |
| tst.js:58:1:58:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] |
| tst.js:58:3:58:26 | documen ... .search | semmle.label | documen ... .search |
| tst.js:58:46:58:46 | x | semmle.label | x |
| tst.js:60:20:60:20 | x | semmle.label | x |
| tst.js:63:49:63:72 | documen ... .search | semmle.label | documen ... .search |
| tst.js:67:26:67:49 | documen ... .search | semmle.label | documen ... .search |
| tst.js:68:25:68:48 | documen ... .search | semmle.label | documen ... .search |
| tst.js:70:33:70:56 | documen ... .search | semmle.label | documen ... .search |
| tst.js:71:32:71:55 | documen ... .search | semmle.label | documen ... .search |
| tst.js:76:39:76:62 | documen ... .search | semmle.label | documen ... .search |
| tst.js:82:30:82:53 | documen ... .search | semmle.label | documen ... .search |
| tst.js:88:25:88:48 | documen ... .search | semmle.label | documen ... .search |
| tst.js:93:7:93:44 | v | semmle.label | v |
| tst.js:93:11:93:34 | documen ... .search | semmle.label | documen ... .search |
| tst.js:93:11:93:44 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
| tst.js:95:18:95:18 | v | semmle.label | v |
| tst.js:120:18:120:18 | v | semmle.label | v |
| tst.js:132:29:132:50 | window. ... .search | semmle.label | window. ... .search |
| tst.js:135:29:135:29 | v | semmle.label | v |
| tst.js:135:49:135:49 | v | semmle.label | v |
| tst.js:139:29:139:46 | xssSourceService() | semmle.label | xssSourceService() |
| tst.js:142:40:142:61 | window. ... .search | semmle.label | window. ... .search |
| tst.js:161:9:161:41 | target | semmle.label | target |
| tst.js:161:18:161:41 | documen ... .search | semmle.label | documen ... .search |
| tst.js:164:28:164:33 | target | semmle.label | target |
| tst.js:168:9:168:42 | tainted | semmle.label | tainted |
| tst.js:168:19:168:42 | documen ... .search | semmle.label | documen ... .search |
| tst.js:170:31:170:37 | tainted | semmle.label | tainted |
| tst.js:172:42:172:48 | tainted | semmle.label | tainted |
| tst.js:173:33:173:39 | tainted | semmle.label | tainted |
| tst.js:175:54:175:60 | tainted | semmle.label | tainted |
| tst.js:176:45:176:51 | tainted | semmle.label | tainted |
| tst.js:177:49:177:55 | tainted | semmle.label | tainted |
| tst.js:181:9:181:42 | tainted | semmle.label | tainted |
| tst.js:181:19:181:42 | documen ... .search | semmle.label | documen ... .search |
| tst.js:183:67:183:73 | tainted | semmle.label | tainted |
| tst.js:184:67:184:73 | tainted | semmle.label | tainted |
| tst.js:188:35:188:41 | tainted | semmle.label | tainted |
| tst.js:190:46:190:52 | tainted | semmle.label | tainted |
| tst.js:191:38:191:44 | tainted | semmle.label | tainted |
| tst.js:192:35:192:41 | tainted | semmle.label | tainted |
| tst.js:196:28:196:46 | this.state.tainted1 | semmle.label | this.state.tainted1 |
| tst.js:197:28:197:46 | this.state.tainted2 | semmle.label | this.state.tainted2 |
| tst.js:198:28:198:46 | this.state.tainted3 | semmle.label | this.state.tainted3 |
| tst.js:202:32:202:49 | prevState.tainted4 | semmle.label | prevState.tainted4 |
| tst.js:209:28:209:46 | this.props.tainted1 | semmle.label | this.props.tainted1 |
| tst.js:210:28:210:46 | this.props.tainted2 | semmle.label | this.props.tainted2 |
| tst.js:211:28:211:46 | this.props.tainted3 | semmle.label | this.props.tainted3 |
| tst.js:215:32:215:49 | prevProps.tainted4 | semmle.label | prevProps.tainted4 |
| tst.js:220:35:220:41 | tainted | semmle.label | tainted |
| tst.js:222:20:222:26 | tainted | semmle.label | tainted |
| tst.js:224:23:224:29 | tainted | semmle.label | tainted |
| tst.js:225:23:225:29 | tainted | semmle.label | tainted |
| tst.js:231:39:231:55 | props.propTainted | semmle.label | props.propTainted |
| tst.js:235:60:235:82 | this.st ... Tainted | semmle.label | this.st ... Tainted |
| tst.js:239:23:239:29 | tainted | semmle.label | tainted |
| tst.js:243:7:243:17 | window.name | semmle.label | window.name |
| tst.js:244:7:244:10 | name | semmle.label | name |
| tst.js:248:11:248:21 | window.name | semmle.label | window.name |
| tst.js:264:22:264:29 | location | semmle.label | location |
| tst.js:269:9:269:29 | tainted | semmle.label | tainted |
| tst.js:269:19:269:29 | window.name | semmle.label | window.name |
| tst.js:272:59:272:65 | tainted | semmle.label | tainted |
| tst.js:285:9:285:16 | location | semmle.label | location |
| tst.js:286:10:286:10 | e | semmle.label | e |
| tst.js:287:20:287:20 | e | semmle.label | e |
| tst.js:292:10:292:17 | location | semmle.label | location |
| tst.js:294:10:294:10 | e | semmle.label | e |
| tst.js:295:20:295:20 | e | semmle.label | e |
| tst.js:300:35:300:42 | location | semmle.label | location |
| tst.js:311:10:311:35 | new URL ... cation) [searchParams, MapValue] | semmle.label | new URL ... cation) [searchParams, MapValue] |
| tst.js:311:10:311:35 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] |
| tst.js:311:18:311:34 | document.location | semmle.label | document.location |
| tst.js:315:7:315:43 | params | semmle.label | params |
| tst.js:315:7:315:43 | params [MapValue] | semmle.label | params [MapValue] |
| tst.js:315:16:315:30 | getTaintedUrl() [searchParams, MapValue] | semmle.label | getTaintedUrl() [searchParams, MapValue] |
| tst.js:315:16:315:30 | getTaintedUrl() [searchParams] | semmle.label | getTaintedUrl() [searchParams] |
| tst.js:315:16:315:43 | getTain ... hParams | semmle.label | getTain ... hParams |
| tst.js:315:16:315:43 | getTain ... hParams [MapValue] | semmle.label | getTain ... hParams [MapValue] |
| tst.js:316:18:316:23 | params | semmle.label | params |
| tst.js:316:18:316:23 | params [MapValue] | semmle.label | params [MapValue] |
| tst.js:316:18:316:35 | params.get('name') | semmle.label | params.get('name') |
| tst.js:325:12:325:37 | new URL ... cation) [hash] | semmle.label | new URL ... cation) [hash] |
| tst.js:325:20:325:36 | document.location | semmle.label | document.location |
| tst.js:327:5:327:12 | getUrl() [hash] | semmle.label | getUrl() [hash] |
| tst.js:327:5:327:17 | getUrl().hash | semmle.label | getUrl().hash |
| tst.js:327:5:327:30 | getUrl( ... ring(1) | semmle.label | getUrl( ... ring(1) |
| tst.js:332:7:332:39 | target | semmle.label | target |
| tst.js:332:16:332:39 | documen ... .search | semmle.label | documen ... .search |
| tst.js:333:12:333:17 | target | semmle.label | target |
| tst.js:339:10:339:42 | target | semmle.label | target |
| tst.js:339:19:339:42 | documen ... .search | semmle.label | documen ... .search |
| tst.js:340:16:340:21 | target | semmle.label | target |
| tst.js:341:20:341:25 | target | semmle.label | target |
| tst.js:344:21:344:26 | target | semmle.label | target |
| tst.js:347:18:347:23 | target | semmle.label | target |
| tst.js:355:7:355:39 | target | semmle.label | target |
| tst.js:355:16:355:39 | documen ... .search | semmle.label | documen ... .search |
| tst.js:357:18:357:23 | target | semmle.label | target |
| tst.js:364:7:364:39 | target | semmle.label | target |
| tst.js:364:16:364:39 | documen ... .search | semmle.label | documen ... .search |
| tst.js:367:18:367:23 | target | semmle.label | target |
| tst.js:369:18:369:23 | target | semmle.label | target |
| tst.js:369:18:369:29 | target.taint | semmle.label | target.taint |
| tst.js:374:3:374:8 | [post update] target [taint3] | semmle.label | [post update] target [taint3] |
| tst.js:374:19:374:42 | documen ... .search | semmle.label | documen ... .search |
| tst.js:375:18:375:23 | target [taint3] | semmle.label | target [taint3] |
| tst.js:375:18:375:30 | target.taint3 | semmle.label | target.taint3 |
| tst.js:380:18:380:23 | target | semmle.label | target |
| tst.js:380:18:380:30 | target.taint5 | semmle.label | target.taint5 |
| tst.js:389:18:389:23 | target | semmle.label | target |
| tst.js:389:18:389:30 | target.taint7 | semmle.label | target.taint7 |
| tst.js:391:3:391:8 | [post update] target [taint8] | semmle.label | [post update] target [taint8] |
| tst.js:391:19:391:24 | target | semmle.label | target |
| tst.js:391:19:391:24 | target [taint8] | semmle.label | target [taint8] |
| tst.js:391:19:391:31 | target.taint8 | semmle.label | target.taint8 |
| tst.js:392:18:392:23 | target [taint8] | semmle.label | target [taint8] |
| tst.js:392:18:392:30 | target.taint8 | semmle.label | target.taint8 |
| tst.js:399:7:399:46 | payload | semmle.label | payload |
| tst.js:399:17:399:36 | window.location.hash | semmle.label | window.location.hash |
| tst.js:399:17:399:46 | window. ... bstr(1) | semmle.label | window. ... bstr(1) |
| tst.js:400:18:400:24 | payload | semmle.label | payload |
| tst.js:402:7:402:55 | match | semmle.label | match |
| tst.js:402:15:402:34 | window.location.hash | semmle.label | window.location.hash |
| tst.js:402:15:402:55 | window. ... (\\w+)/) | semmle.label | window. ... (\\w+)/) |
| tst.js:404:20:404:24 | match | semmle.label | match |
| tst.js:404:20:404:27 | match[1] | semmle.label | match[1] |
| tst.js:407:18:407:37 | window.location.hash | semmle.label | window.location.hash |
| tst.js:407:18:407:48 | window. ... it('#') [1] | semmle.label | window. ... it('#') [1] |
| tst.js:407:18:407:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] |
| tst.js:411:7:411:39 | target | semmle.label | target |
| tst.js:411:16:411:39 | documen ... .search | semmle.label | documen ... .search |
| tst.js:413:18:413:23 | target | semmle.label | target |
| tst.js:413:18:413:89 | target. ... data>') | semmle.label | target. ... data>') |
| tst.js:419:6:419:38 | source | semmle.label | source |
| tst.js:419:15:419:38 | documen ... .search | semmle.label | documen ... .search |
| tst.js:423:28:423:33 | source | semmle.label | source |
| tst.js:424:33:424:38 | source | semmle.label | source |
| tst.js:425:34:425:39 | source | semmle.label | source |
| tst.js:426:41:426:46 | source | semmle.label | source |
| tst.js:427:44:427:49 | source | semmle.label | source |
| tst.js:428:32:428:37 | source | semmle.label | source |
| tst.js:436:7:436:39 | source | semmle.label | source |
| tst.js:436:16:436:39 | documen ... .search | semmle.label | documen ... .search |
| tst.js:438:18:438:23 | source | semmle.label | source |
| tst.js:439:18:439:42 | ansiToH ... source) | semmle.label | ansiToH ... source) |
| tst.js:439:36:439:41 | source | semmle.label | source |
| tst.js:443:6:443:38 | source | semmle.label | source |
| tst.js:443:15:443:38 | documen ... .search | semmle.label | documen ... .search |
| tst.js:446:21:446:26 | source | semmle.label | source |
| tst.js:448:19:448:24 | source | semmle.label | source |
| tst.js:450:20:450:25 | source | semmle.label | source |
| tst.js:454:7:454:46 | url | semmle.label | url |
| tst.js:454:13:454:36 | documen ... .search | semmle.label | documen ... .search |
| tst.js:454:13:454:46 | documen ... bstr(1) | semmle.label | documen ... bstr(1) |
| tst.js:456:19:456:21 | url | semmle.label | url |
| tst.js:457:26:457:28 | url | semmle.label | url |
| tst.js:458:25:458:27 | url | semmle.label | url |
| tst.js:459:20:459:22 | url | semmle.label | url |
| tst.js:469:22:469:24 | url | semmle.label | url |
| tst.js:474:23:474:35 | location.hash | semmle.label | location.hash |
| tst.js:474:23:474:45 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) |
| tst.js:477:18:477:30 | location.hash | semmle.label | location.hash |
| tst.js:477:18:477:40 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) |
| tst.js:484:33:484:63 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) |
| tst.js:484:43:484:62 | window.location.hash | semmle.label | window.location.hash |
| tst.js:491:7:491:39 | target | semmle.label | target |
| tst.js:491:16:491:39 | documen ... .search | semmle.label | documen ... .search |
| tst.js:492:18:492:23 | target | semmle.label | target |
| tst.js:492:18:492:54 | target. ... "), '') | semmle.label | target. ... "), '') |
| tst.js:498:7:498:26 | source | semmle.label | source |
| tst.js:498:16:498:26 | window.name | semmle.label | window.name |
| tst.js:499:18:499:33 | unescape(source) | semmle.label | unescape(source) |
| tst.js:499:27:499:32 | source | semmle.label | source |
| typeahead.js:9:28:9:30 | loc | semmle.label | loc |
| typeahead.js:10:16:10:18 | loc | semmle.label | loc |
| typeahead.js:20:13:20:45 | target | semmle.label | target |
| typeahead.js:20:22:20:45 | documen ... .search | semmle.label | documen ... .search |
| typeahead.js:21:12:21:17 | target | semmle.label | target |
| typeahead.js:24:30:24:32 | val | semmle.label | val |
| typeahead.js:25:18:25:20 | val | semmle.label | val |
| v-html.vue:2:8:2:23 | v-html=tainted | semmle.label | v-html=tainted |
| v-html.vue:6:42:6:58 | document.location | semmle.label | document.location |
| various-concat-obfuscations.js:2:6:2:39 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search |
| various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | semmle.label | "<div>" ... </div>" |
| various-concat-obfuscations.js:4:14:4:20 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | semmle.label | `<div>$ ... </div>` |
| various-concat-obfuscations.js:5:12:5:18 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:6:4:6:26 | "<div>" ... ainted) | semmle.label | "<div>" ... ainted) |
| various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | semmle.label | "<div>" ... /div>") |
| various-concat-obfuscations.js:6:19:6:25 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:7:4:7:31 | ["<div> ... /div>"] | semmle.label | ["<div> ... /div>"] |
| various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | semmle.label | ["<div> ... .join() |
| various-concat-obfuscations.js:7:14:7:20 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:9:4:9:34 | "<div i ... "\\"/>" | semmle.label | "<div i ... "\\"/>" |
| various-concat-obfuscations.js:9:19:9:25 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | semmle.label | `<div i ... ed}"/>` |
| various-concat-obfuscations.js:10:16:10:22 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:11:4:11:31 | "<div i ... ainted) | semmle.label | "<div i ... ainted) |
| various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | semmle.label | "<div i ... t("/>") |
| various-concat-obfuscations.js:11:24:11:30 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:12:4:12:34 | ["<div ... "\\"/>"] | semmle.label | ["<div ... "\\"/>"] |
| various-concat-obfuscations.js:12:4:12:41 | ["<div ... .join() | semmle.label | ["<div ... .join() |
| various-concat-obfuscations.js:12:19:12:25 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:14:24:14:28 | attrs | semmle.label | attrs |
| various-concat-obfuscations.js:15:10:15:83 | '<div a ... </div>' | semmle.label | '<div a ... </div>' |
| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | semmle.label | (attrs. ... 'left') |
| various-concat-obfuscations.js:15:28:15:32 | attrs | semmle.label | attrs |
| various-concat-obfuscations.js:17:24:17:28 | attrs | semmle.label | attrs |
| various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | semmle.label | '<div a ... 'left') |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | semmle.label | '<div a ... ntent)) |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | semmle.label | '<div a ... ntent)) [ArrayElement] |
| various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | semmle.label | '<div a ... /div>') |
| various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | semmle.label | '<div a ... /div>') [ArrayElement] |
| various-concat-obfuscations.js:18:32:18:36 | attrs | semmle.label | attrs |
| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | semmle.label | attrs.d ... 'left' |
| various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) |
| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | semmle.label | documen ... .search |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | semmle.label | documen ... h.attrs |
| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) |
| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | semmle.label | documen ... .search |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | semmle.label | documen ... h.attrs |
| winjs.js:2:7:2:53 | tainted | semmle.label | tainted |
| winjs.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search |
| winjs.js:2:17:2:53 | documen ... ring(1) | semmle.label | documen ... ring(1) |
| winjs.js:3:43:3:49 | tainted | semmle.label | tainted |
| winjs.js:4:43:4:49 | tainted | semmle.label | tainted |
| xmlRequest.js:8:13:8:47 | json | semmle.label | json |
| xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | semmle.label | JSON.pa ... seText) |
| xmlRequest.js:8:31:8:46 | xhr.responseText | semmle.label | xhr.responseText |
| xmlRequest.js:9:28:9:31 | json | semmle.label | json |
| xmlRequest.js:9:28:9:39 | json.message | semmle.label | json.message |
| xmlRequest.js:20:11:20:48 | resp | semmle.label | resp |
| xmlRequest.js:20:18:20:48 | await g ... rl }}") | semmle.label | await g ... rl }}") |
| xmlRequest.js:20:24:20:48 | got.get ... rl }}") | semmle.label | got.get ... rl }}") |
| xmlRequest.js:21:11:21:38 | json | semmle.label | json |
| xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | semmle.label | JSON.pa ... p.body) |
| xmlRequest.js:21:29:21:32 | resp | semmle.label | resp |
| xmlRequest.js:22:24:22:27 | json | semmle.label | json |
| xmlRequest.js:22:24:22:35 | json.message | semmle.label | json.message |
edges
| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | provenance | |
| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | provenance | |
| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | provenance | |
| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:43:5:48 | data | provenance | |
| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | provenance | |
| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | provenance | |
| angular2-client.ts:26:44:26:69 | this.ro ... .params | angular2-client.ts:26:44:26:73 | this.ro ... ams.foo | provenance | |
| angular2-client.ts:27:44:27:74 | this.ro ... yParams | angular2-client.ts:27:44:27:78 | this.ro ... ams.foo | provenance | |
| angular2-client.ts:36:44:36:80 | this.ro ... ameters | angular2-client.ts:36:44:36:82 | this.ro ... eters.x | provenance | |
| angular2-client.ts:38:44:38:89 | this.ro ... .params | angular2-client.ts:38:44:38:91 | this.ro ... arams.x | provenance | |
| angular2-client.ts:43:75:43:105 | this.ro ... yParams | angular2-client.ts:43:75:43:109 | this.ro ... ams.foo | provenance | |
| angular-tempate-url.js:13:30:13:31 | ev | angular-tempate-url.js:14:26:14:27 | ev | provenance | |
| angular-tempate-url.js:14:26:14:27 | ev | angular-tempate-url.js:14:26:14:32 | ev.data | provenance | |
| angular-tempate-url.js:14:26:14:32 | ev.data | angular-tempate-url.js:9:26:9:45 | Cookie.get("unsafe") | provenance | |
| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `<span ... <span>` | provenance | |
| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | provenance | |
| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `<span ... <span>` | provenance | |
| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | provenance | |
| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `<span ... <span>` | provenance | |
| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | provenance | |
| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | provenance | |
| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `<span ... <span>` | provenance | |
| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `<span ... <span>` | provenance | |
| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | provenance | |
| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `<span ... <span>` | provenance | |
| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | provenance | |
| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `<span ... <span>` | provenance | |
| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | provenance | |
| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | provenance | |
| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | provenance | |
| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | provenance | |
| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | provenance | |
| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | provenance | |
| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | provenance | |
| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | provenance | |
| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | provenance | |
| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | provenance | |
| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | provenance | |
| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | provenance | |
| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | provenance | |
| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | provenance | |
| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | provenance | |
| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | provenance | |
| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | provenance | |
| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | provenance | |
| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | provenance | |
| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | provenance | |
| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | |
| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | Config |
| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | |
| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | |
| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | provenance | |
| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | |
| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | |
| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | |
| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | |
| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | |
| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | |
| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | |
| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | |
| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | |
| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | provenance | |
| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | provenance | |
| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | provenance | |
| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | provenance | |
| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | provenance | |
| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | provenance | |
| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | |
| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | Config |
| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | |
| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | |
| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | |
| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | |
| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | |
| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | provenance | |
| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | |
| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | |
| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | |
| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | provenance | |
| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | provenance | |
| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | provenance | |
| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | provenance | |
| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | |
| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | Config |
| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | |
| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | |
| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | |
| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | |
| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | |
| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | |
| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | |
| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | provenance | |
| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | provenance | |
| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | provenance | |
| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | provenance | |
| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | |
| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | Config |
| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | |
| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | |
| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | |
| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | provenance | |
| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | |
| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | |
| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | |
| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | provenance | |
| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | provenance | |
| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | provenance | |
| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | provenance | |
| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | provenance | |
| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | provenance | |
| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | provenance | |
| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '<h2><a ... ></h2>' | provenance | Config |
| hana.js:11:37:11:40 | rows | hana.js:11:37:11:51 | rows[0].comment | provenance | |
| hana.js:16:37:16:40 | rows | hana.js:16:37:16:51 | rows[0].comment | provenance | |
| hana.js:19:37:19:40 | rows | hana.js:19:37:19:51 | rows[0].comment | provenance | |
| hana.js:22:37:22:38 | rs | hana.js:22:37:22:49 | rs[0].comment | provenance | |
| hana.js:38:31:38:32 | rs | hana.js:38:31:38:43 | rs[0].comment | provenance | |
| hana.js:43:33:43:41 | dummyRows | hana.js:43:33:43:52 | dummyRows[0].comment | provenance | |
| hana.js:44:33:44:42 | tablesRows | hana.js:44:33:44:53 | tablesR ... comment | provenance | |
| hana.js:50:33:50:41 | dummyRows | hana.js:50:33:50:52 | dummyRows[0].comment | provenance | |
| hana.js:51:33:51:42 | tablesRows | hana.js:51:33:51:53 | tablesR ... comment | provenance | |
| hana.js:70:33:70:36 | rows | hana.js:70:33:70:47 | rows[0].comment | provenance | |
| hana.js:73:33:73:36 | rows | hana.js:73:33:73:47 | rows[0].comment | provenance | |
| hana.js:84:35:84:43 | dummyRows | hana.js:84:35:84:54 | dummyRows[0].comment | provenance | |
| hana.js:85:35:85:43 | tableRows | hana.js:85:35:85:54 | tableRows[0].comment | provenance | |
| hana.js:90:33:90:34 | rs | hana.js:90:33:90:45 | rs[0].comment | provenance | |
| jquery.js:2:7:2:40 | tainted | jquery.js:4:5:4:11 | tainted | provenance | |
| jquery.js:2:7:2:40 | tainted | jquery.js:5:13:5:19 | tainted | provenance | |
| jquery.js:2:7:2:40 | tainted | jquery.js:6:11:6:17 | tainted | provenance | |
| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | provenance | |
| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | provenance | |
| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | provenance | |
| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | provenance | |
| jquery.js:4:5:4:11 | tainted | jquery.js:5:13:5:19 | tainted | provenance | |
| jquery.js:5:13:5:19 | tainted | jquery.js:6:11:6:17 | tainted | provenance | |
| jquery.js:6:11:6:17 | tainted | jquery.js:7:20:7:26 | tainted | provenance | |
| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "<div i ... + "\\">" | provenance | Config |
| jquery.js:7:20:7:26 | tainted | jquery.js:8:28:8:34 | tainted | provenance | |
| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | |
| jquery.js:8:28:8:34 | tainted | jquery.js:36:25:36:31 | tainted | provenance | |
| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | |
| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "<b>" + ... "</b>" | provenance | Config |
| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | |
| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | |
| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | |
| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | provenance | |
| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | provenance | |
| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | provenance | |
| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | provenance | |
| jquery.js:18:7:18:33 | hash | jquery.js:24:5:24:8 | hash | provenance | |
| jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | provenance | |
| jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | provenance | |
| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | provenance | |
| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | provenance | Config |
| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | provenance | Config |
| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | provenance | Config |
| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | provenance | Config |
| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | provenance | Config |
| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | provenance | Config |
| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '<b>' + ... '</b>' | provenance | Config |
| jquery.js:36:25:36:31 | tainted | jquery.js:37:31:37:37 | tainted | provenance | |
| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | provenance | Config |
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | provenance | |
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | provenance | |
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | provenance | |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | provenance | |
| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | |
| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | |
| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | provenance | |
| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | provenance | |
| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | provenance | |
| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | provenance | |
| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:10:19:10:25 | decoded | provenance | |
| jwt-server.js:10:19:10:25 | decoded | jwt-server.js:10:19:10:29 | decoded.foo | provenance | |
| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | provenance | |
| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | provenance | |
| jwt.js:5:19:5:34 | jwt_decode(data) | jwt.js:5:9:5:34 | decoded | provenance | |
| jwt.js:5:30:5:33 | data | jwt.js:5:19:5:34 | jwt_decode(data) | provenance | |
| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | provenance | |
| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | provenance | |
| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | provenance | |
| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | provenance | |
| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | provenance | |
| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | provenance | |
| optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | provenance | |
| optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | provenance | |
| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | provenance | |
| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | provenance | |
| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | provenance | |
| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | provenance | |
| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | provenance | |
| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | provenance | |
| optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | provenance | |
| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | provenance | |
| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | provenance | |
| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | |
| optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | provenance | |
| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | |
| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | provenance | |
| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | provenance | |
| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | provenance | |
| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | provenance | |
| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | provenance | |
| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | |
| optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | provenance | |
| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | |
| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | provenance | |
| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | provenance | |
| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | provenance | |
| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | provenance | |
| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | provenance | |
| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | provenance | |
| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | provenance | |
| pages/[id].jsx:3:30:3:35 | params [id] | pages/[id].jsx:13:44:13:49 | params [id] | provenance | |
| pages/[id].jsx:3:30:3:35 | params [q] | pages/[id].jsx:16:44:16:49 | params [q] | provenance | |
| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:9:5:29 | id | provenance | |
| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | provenance | |
| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | provenance | |
| pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | provenance | |
| pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | provenance | |
| pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | provenance | |
| pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | provenance | |
| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | provenance | |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [id] | provenance | |
| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | provenance | |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... e\\n } [q] | provenance | |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | provenance | |
| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | provenance | |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | |
| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | provenance | |
| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | provenance | |
| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | provenance | |
| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | provenance | |
| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | provenance | |
| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:9:4:49 | state | provenance | |
| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | provenance | |
| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:9:9:43 | state | provenance | |
| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | provenance | |
| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | provenance | |
| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | provenance | |
| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | provenance | |
| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | provenance | |
| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | provenance | |
| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | provenance | |
| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | provenance | |
| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | provenance | |
| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | provenance | |
| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | provenance | |
| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | provenance | |
| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | provenance | |
| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '<b>' + ... '</b>' | provenance | |
| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '<b>' + ... '</b>' | provenance | |
| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '<b>' + ... '</b>' | provenance | |
| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '<b>' + ... '</b>' | provenance | |
| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' | provenance | |
| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | provenance | |
| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | |
| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | provenance | |
| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href | provenance | |
| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | provenance | |
| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | provenance | Config |
| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | |
| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | provenance | |
| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | provenance | |
| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | |
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | |
| tainted-url-suffix-arguments.js:3:17:3:17 | y | tainted-url-suffix-arguments.js:6:22:6:22 | y | provenance | |
| tainted-url-suffix-arguments.js:11:11:11:36 | url | tainted-url-suffix-arguments.js:12:17:12:19 | url | provenance | |
| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | tainted-url-suffix-arguments.js:11:11:11:36 | url | provenance | |
| tainted-url-suffix-arguments.js:12:17:12:19 | url | tainted-url-suffix-arguments.js:3:17:3:17 | y | provenance | |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | provenance | |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | provenance | |
| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | provenance | |
| tooltip.jsx:17:11:17:33 | provide [source] | tooltip.jsx:18:51:18:57 | provide [source] | provenance | |
| tooltip.jsx:17:21:17:33 | props.provide [source] | tooltip.jsx:17:11:17:33 | provide [source] | provenance | |
| tooltip.jsx:18:51:18:57 | provide [source] | tooltip.jsx:18:51:18:59 | provide() | provenance | |
| tooltip.jsx:18:51:18:57 | provide [source] | tooltip.jsx:23:38:23:43 | source | provenance | |
| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:17:21:17:33 | props.provide [source] | provenance | |
| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | provenance | |
| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | provenance | |
| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | provenance | |
| translate.js:7:7:7:61 | searchParams | translate.js:8:27:8:38 | searchParams | provenance | |
| translate.js:7:7:7:61 | searchParams [MapValue] | translate.js:8:27:8:38 | searchParams [MapValue] | provenance | |
| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | provenance | |
| translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | translate.js:7:7:7:61 | searchParams [MapValue] | provenance | |
| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | |
| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | Config |
| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | Config |
| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | provenance | |
| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | provenance | |
| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | provenance | |
| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) [MapValue] | provenance | |
| translate.js:8:27:8:38 | searchParams | translate.js:8:27:8:50 | searchP ... 'term') | provenance | Config |
| translate.js:8:27:8:38 | searchParams [MapValue] | translate.js:8:27:8:50 | searchP ... 'term') | provenance | |
| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | provenance | |
| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | provenance | |
| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | provenance | |
| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | provenance | |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | provenance | |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | provenance | |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data | provenance | |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data | provenance | |
| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | provenance | |
| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | provenance | |
| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | provenance | Config |
| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... str(1)) | provenance | |
| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | provenance | |
| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | provenance | |
| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | provenance | |
| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | provenance | |
| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | provenance | |
| tst.js:2:7:2:39 | target | tst.js:4:18:4:23 | target | provenance | |
| tst.js:2:7:2:39 | target | tst.js:9:28:9:33 | target | provenance | |
| tst.js:2:7:2:39 | target | tst.js:17:42:17:47 | target | provenance | |
| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | provenance | |
| tst.js:6:37:6:58 | documen ... on.href | tst.js:6:37:6:114 | documen ... t=")+8) | provenance | |
| tst.js:6:37:6:58 | documen ... on.href | tst.js:6:37:6:114 | documen ... t=")+8) | provenance | Config |
| tst.js:6:37:6:114 | documen ... t=")+8) | tst.js:6:18:6:126 | "<OPTIO ... PTION>" | provenance | |
| tst.js:6:37:6:114 | documen ... t=")+8) | tst.js:6:18:6:126 | "<OPTIO ... PTION>" | provenance | |
| tst.js:6:37:6:114 | documen ... t=")+8) | tst.js:6:18:6:126 | "<OPTIO ... PTION>" | provenance | Config |
| tst.js:9:28:9:33 | target | tst.js:9:5:9:42 | '<div s ... 'px">' | provenance | Config |
| tst.js:14:7:14:56 | params | tst.js:15:18:15:23 | params | provenance | |
| tst.js:14:7:14:56 | params [MapValue] | tst.js:15:18:15:23 | params [MapValue] | provenance | |
| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams, MapValue] | tst.js:14:16:14:56 | (new UR ... hParams [MapValue] | provenance | |
| tst.js:14:16:14:43 | (new UR ... ation)) [searchParams] | tst.js:14:16:14:56 | (new UR ... hParams | provenance | |
| tst.js:14:16:14:56 | (new UR ... hParams | tst.js:14:7:14:56 | params | provenance | |
| tst.js:14:16:14:56 | (new UR ... hParams [MapValue] | tst.js:14:7:14:56 | params [MapValue] | provenance | |
| tst.js:14:17:14:42 | new URL ... cation) [searchParams, MapValue] | tst.js:14:16:14:43 | (new UR ... ation)) [searchParams, MapValue] | provenance | |
| tst.js:14:17:14:42 | new URL ... cation) [searchParams] | tst.js:14:16:14:43 | (new UR ... ation)) [searchParams] | provenance | |
| tst.js:14:25:14:41 | document.location | tst.js:14:17:14:42 | new URL ... cation) [searchParams, MapValue] | provenance | |
| tst.js:14:25:14:41 | document.location | tst.js:14:17:14:42 | new URL ... cation) [searchParams] | provenance | |
| tst.js:15:18:15:23 | params | tst.js:15:18:15:35 | params.get('name') | provenance | Config |
| tst.js:15:18:15:23 | params [MapValue] | tst.js:15:18:15:35 | params.get('name') | provenance | |
| tst.js:17:7:17:61 | searchParams | tst.js:18:18:18:29 | searchParams | provenance | |
| tst.js:17:7:17:61 | searchParams [MapValue] | tst.js:18:18:18:29 | searchParams [MapValue] | provenance | |
| tst.js:17:22:17:61 | new URL ... ing(1)) | tst.js:17:7:17:61 | searchParams | provenance | |
| tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | tst.js:17:7:17:61 | searchParams [MapValue] | provenance | |
| tst.js:17:42:17:47 | target | tst.js:17:42:17:60 | target.substring(1) | provenance | |
| tst.js:17:42:17:47 | target | tst.js:17:42:17:60 | target.substring(1) | provenance | Config |
| tst.js:17:42:17:47 | target | tst.js:17:42:17:60 | target.substring(1) | provenance | Config |
| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) | provenance | |
| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | provenance | |
| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | provenance | |
| tst.js:17:42:17:60 | target.substring(1) | tst.js:17:22:17:61 | new URL ... ing(1)) [MapValue] | provenance | |
| tst.js:18:18:18:29 | searchParams | tst.js:18:18:18:41 | searchP ... 'name') | provenance | Config |
| tst.js:18:18:18:29 | searchParams [MapValue] | tst.js:18:18:18:41 | searchP ... 'name') | provenance | |
| tst.js:21:14:21:19 | target | tst.js:22:18:22:23 | target | provenance | |
| tst.js:24:5:24:28 | documen ... .search | tst.js:21:14:21:19 | target | provenance | |
| tst.js:27:10:27:33 | documen ... .search | tst.js:29:16:29:20 | bar() | provenance | |
| tst.js:27:10:27:33 | documen ... .search | tst.js:48:26:48:30 | bar() | provenance | |
| tst.js:27:10:27:33 | documen ... .search | tst.js:56:16:56:20 | bar() | provenance | |
| tst.js:31:14:31:14 | x | tst.js:32:10:32:10 | x | provenance | |
| tst.js:34:20:34:43 | documen ... .search | tst.js:31:14:31:14 | x | provenance | |
| tst.js:34:20:34:43 | documen ... .search | tst.js:34:16:34:44 | baz(doc ... search) | provenance | |
| tst.js:36:15:36:15 | s | tst.js:37:20:37:20 | s | provenance | |
| tst.js:36:15:36:15 | s | tst.js:37:20:37:20 | s | provenance | |
| tst.js:37:20:37:20 | s | tst.js:37:10:37:31 | "<div>" ... </div>" | provenance | |
| tst.js:37:20:37:20 | s | tst.js:37:10:37:31 | "<div>" ... </div>" | provenance | |
| tst.js:37:20:37:20 | s | tst.js:37:10:37:31 | "<div>" ... </div>" | provenance | Config |
| tst.js:39:21:39:44 | documen ... .search | tst.js:36:15:36:15 | s | provenance | |
| tst.js:39:21:39:44 | documen ... .search | tst.js:39:16:39:45 | wrap(do ... search) | provenance | |
| tst.js:39:21:39:44 | documen ... .search | tst.js:39:16:39:45 | wrap(do ... search) | provenance | Config |
| tst.js:41:15:41:15 | s | tst.js:43:12:43:12 | s | provenance | |
| tst.js:43:12:43:12 | s | tst.js:43:12:43:22 | s.substr(1) | provenance | |
| tst.js:43:12:43:12 | s | tst.js:43:12:43:22 | s.substr(1) | provenance | Config |
| tst.js:43:12:43:12 | s | tst.js:43:12:43:22 | s.substr(1) | provenance | Config |
| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | provenance | |
| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | chop(do ... search) | provenance | |
| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | chop(do ... search) | provenance | Config |
| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | provenance | |
| tst.js:47:21:47:44 | documen ... .search | tst.js:47:16:47:45 | chop(do ... search) | provenance | |
| tst.js:47:21:47:44 | documen ... .search | tst.js:47:16:47:45 | chop(do ... search) | provenance | Config |
| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | provenance | |
| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | provenance | |
| tst.js:48:21:48:31 | chop(bar()) | tst.js:48:16:48:32 | wrap(chop(bar())) | provenance | |
| tst.js:48:21:48:31 | chop(bar()) | tst.js:48:16:48:32 | wrap(chop(bar())) | provenance | |
| tst.js:48:21:48:31 | chop(bar()) | tst.js:48:16:48:32 | wrap(chop(bar())) | provenance | Config |
| tst.js:48:26:48:30 | bar() | tst.js:41:15:41:15 | s | provenance | |
| tst.js:48:26:48:30 | bar() | tst.js:48:21:48:31 | chop(bar()) | provenance | |
| tst.js:48:26:48:30 | bar() | tst.js:48:21:48:31 | chop(bar()) | provenance | Config |
| tst.js:50:34:50:34 | s | tst.js:51:18:51:18 | s | provenance | |
| tst.js:53:25:53:48 | documen ... .search | tst.js:50:34:50:34 | s | provenance | |
| tst.js:54:25:54:48 | documen ... .search | tst.js:50:34:50:34 | s | provenance | |
| tst.js:58:1:58:27 | [,docum ... search] [1] | tst.js:58:46:58:46 | x | provenance | |
| tst.js:58:3:58:26 | documen ... .search | tst.js:58:1:58:27 | [,docum ... search] [1] | provenance | |
| tst.js:58:46:58:46 | x | tst.js:60:20:60:20 | x | provenance | |
| tst.js:93:7:93:44 | v | tst.js:95:18:95:18 | v | provenance | |
| tst.js:93:7:93:44 | v | tst.js:120:18:120:18 | v | provenance | |
| tst.js:93:11:93:34 | documen ... .search | tst.js:93:11:93:44 | documen ... bstr(1) | provenance | |
| tst.js:93:11:93:34 | documen ... .search | tst.js:93:11:93:44 | documen ... bstr(1) | provenance | Config |
| tst.js:93:11:93:44 | documen ... bstr(1) | tst.js:93:7:93:44 | v | provenance | |
| tst.js:132:29:132:50 | window. ... .search | tst.js:135:29:135:29 | v | provenance | |
| tst.js:135:29:135:29 | v | tst.js:135:49:135:49 | v | provenance | |
| tst.js:142:40:142:61 | window. ... .search | tst.js:139:29:139:46 | xssSourceService() | provenance | |
| tst.js:161:9:161:41 | target | tst.js:164:28:164:33 | target | provenance | |
| tst.js:161:18:161:41 | documen ... .search | tst.js:161:9:161:41 | target | provenance | |
| tst.js:168:9:168:42 | tainted | tst.js:170:31:170:37 | tainted | provenance | |
| tst.js:168:9:168:42 | tainted | tst.js:172:42:172:48 | tainted | provenance | |
| tst.js:168:9:168:42 | tainted | tst.js:173:33:173:39 | tainted | provenance | |
| tst.js:168:9:168:42 | tainted | tst.js:175:54:175:60 | tainted | provenance | |
| tst.js:168:9:168:42 | tainted | tst.js:176:45:176:51 | tainted | provenance | |
| tst.js:168:9:168:42 | tainted | tst.js:177:49:177:55 | tainted | provenance | |
| tst.js:168:19:168:42 | documen ... .search | tst.js:168:9:168:42 | tainted | provenance | |
| tst.js:181:9:181:42 | tainted | tst.js:183:67:183:73 | tainted | provenance | |
| tst.js:181:9:181:42 | tainted | tst.js:184:67:184:73 | tainted | provenance | |
| tst.js:181:9:181:42 | tainted | tst.js:220:35:220:41 | tainted | provenance | |
| tst.js:181:9:181:42 | tainted | tst.js:222:20:222:26 | tainted | provenance | |
| tst.js:181:9:181:42 | tainted | tst.js:224:23:224:29 | tainted | provenance | |
| tst.js:181:9:181:42 | tainted | tst.js:225:23:225:29 | tainted | provenance | |
| tst.js:181:9:181:42 | tainted | tst.js:239:23:239:29 | tainted | provenance | |
| tst.js:181:19:181:42 | documen ... .search | tst.js:181:9:181:42 | tainted | provenance | |
| tst.js:183:67:183:73 | tainted | tst.js:184:67:184:73 | tainted | provenance | |
| tst.js:184:67:184:73 | tainted | tst.js:188:35:188:41 | tainted | provenance | |
| tst.js:184:67:184:73 | tainted | tst.js:190:46:190:52 | tainted | provenance | |
| tst.js:184:67:184:73 | tainted | tst.js:191:38:191:44 | tainted | provenance | |
| tst.js:184:67:184:73 | tainted | tst.js:192:35:192:41 | tainted | provenance | |
| tst.js:184:67:184:73 | tainted | tst.js:220:35:220:41 | tainted | provenance | |
| tst.js:188:35:188:41 | tainted | tst.js:196:28:196:46 | this.state.tainted1 | provenance | |
| tst.js:190:46:190:52 | tainted | tst.js:197:28:197:46 | this.state.tainted2 | provenance | |
| tst.js:191:38:191:44 | tainted | tst.js:198:28:198:46 | this.state.tainted3 | provenance | |
| tst.js:192:35:192:41 | tainted | tst.js:202:32:202:49 | prevState.tainted4 | provenance | |
| tst.js:220:35:220:41 | tainted | tst.js:209:28:209:46 | this.props.tainted1 | provenance | |
| tst.js:220:35:220:41 | tainted | tst.js:222:20:222:26 | tainted | provenance | |
| tst.js:222:20:222:26 | tainted | tst.js:210:28:210:46 | this.props.tainted2 | provenance | |
| tst.js:222:20:222:26 | tainted | tst.js:224:23:224:29 | tainted | provenance | |
| tst.js:224:23:224:29 | tainted | tst.js:211:28:211:46 | this.props.tainted3 | provenance | |
| tst.js:224:23:224:29 | tainted | tst.js:225:23:225:29 | tainted | provenance | |
| tst.js:225:23:225:29 | tainted | tst.js:215:32:215:49 | prevProps.tainted4 | provenance | |
| tst.js:225:23:225:29 | tainted | tst.js:239:23:239:29 | tainted | provenance | |
| tst.js:231:39:231:55 | props.propTainted | tst.js:235:60:235:82 | this.st ... Tainted | provenance | |
| tst.js:239:23:239:29 | tainted | tst.js:231:39:231:55 | props.propTainted | provenance | |
| tst.js:269:9:269:29 | tainted | tst.js:272:59:272:65 | tainted | provenance | |
| tst.js:269:19:269:29 | window.name | tst.js:269:9:269:29 | tainted | provenance | |
| tst.js:285:9:285:16 | location | tst.js:286:10:286:10 | e | provenance | |
| tst.js:286:10:286:10 | e | tst.js:287:20:287:20 | e | provenance | |
| tst.js:292:10:292:17 | location | tst.js:294:10:294:10 | e | provenance | |
| tst.js:294:10:294:10 | e | tst.js:295:20:295:20 | e | provenance | |
| tst.js:311:10:311:35 | new URL ... cation) [searchParams, MapValue] | tst.js:315:16:315:30 | getTaintedUrl() [searchParams, MapValue] | provenance | |
| tst.js:311:10:311:35 | new URL ... cation) [searchParams] | tst.js:315:16:315:30 | getTaintedUrl() [searchParams] | provenance | |
| tst.js:311:18:311:34 | document.location | tst.js:311:10:311:35 | new URL ... cation) [searchParams, MapValue] | provenance | |
| tst.js:311:18:311:34 | document.location | tst.js:311:10:311:35 | new URL ... cation) [searchParams] | provenance | |
| tst.js:315:7:315:43 | params | tst.js:316:18:316:23 | params | provenance | |
| tst.js:315:7:315:43 | params [MapValue] | tst.js:316:18:316:23 | params [MapValue] | provenance | |
| tst.js:315:16:315:30 | getTaintedUrl() [searchParams, MapValue] | tst.js:315:16:315:43 | getTain ... hParams [MapValue] | provenance | |
| tst.js:315:16:315:30 | getTaintedUrl() [searchParams] | tst.js:315:16:315:43 | getTain ... hParams | provenance | |
| tst.js:315:16:315:43 | getTain ... hParams | tst.js:315:7:315:43 | params | provenance | |
| tst.js:315:16:315:43 | getTain ... hParams [MapValue] | tst.js:315:7:315:43 | params [MapValue] | provenance | |
| tst.js:316:18:316:23 | params | tst.js:316:18:316:35 | params.get('name') | provenance | Config |
| tst.js:316:18:316:23 | params [MapValue] | tst.js:316:18:316:35 | params.get('name') | provenance | |
| tst.js:325:12:325:37 | new URL ... cation) [hash] | tst.js:327:5:327:12 | getUrl() [hash] | provenance | |
| tst.js:325:20:325:36 | document.location | tst.js:325:12:325:37 | new URL ... cation) [hash] | provenance | |
| tst.js:327:5:327:12 | getUrl() [hash] | tst.js:327:5:327:17 | getUrl().hash | provenance | |
| tst.js:327:5:327:17 | getUrl().hash | tst.js:327:5:327:30 | getUrl( ... ring(1) | provenance | Config |
| tst.js:332:7:332:39 | target | tst.js:333:12:333:17 | target | provenance | |
| tst.js:332:16:332:39 | documen ... .search | tst.js:332:7:332:39 | target | provenance | |
| tst.js:339:10:339:42 | target | tst.js:340:16:340:21 | target | provenance | |
| tst.js:339:10:339:42 | target | tst.js:341:20:341:25 | target | provenance | |
| tst.js:339:19:339:42 | documen ... .search | tst.js:339:10:339:42 | target | provenance | |
| tst.js:340:16:340:21 | target | tst.js:341:20:341:25 | target | provenance | |
| tst.js:341:20:341:25 | target | tst.js:344:21:344:26 | target | provenance | |
| tst.js:341:20:341:25 | target | tst.js:347:18:347:23 | target | provenance | |
| tst.js:355:7:355:39 | target | tst.js:357:18:357:23 | target | provenance | |
| tst.js:355:16:355:39 | documen ... .search | tst.js:355:7:355:39 | target | provenance | |
| tst.js:364:7:364:39 | target | tst.js:367:18:367:23 | target | provenance | |
| tst.js:364:7:364:39 | target | tst.js:369:18:369:23 | target | provenance | |
| tst.js:364:7:364:39 | target | tst.js:380:18:380:23 | target | provenance | |
| tst.js:364:7:364:39 | target | tst.js:389:18:389:23 | target | provenance | |
| tst.js:364:7:364:39 | target | tst.js:391:19:391:24 | target | provenance | |
| tst.js:364:16:364:39 | documen ... .search | tst.js:364:7:364:39 | target | provenance | |
| tst.js:369:18:369:23 | target | tst.js:369:18:369:29 | target.taint | provenance | |
| tst.js:374:3:374:8 | [post update] target [taint3] | tst.js:375:18:375:23 | target [taint3] | provenance | |
| tst.js:374:19:374:42 | documen ... .search | tst.js:374:3:374:8 | [post update] target [taint3] | provenance | |
| tst.js:375:18:375:23 | target [taint3] | tst.js:375:18:375:30 | target.taint3 | provenance | |
| tst.js:380:18:380:23 | target | tst.js:380:18:380:30 | target.taint5 | provenance | |
| tst.js:389:18:389:23 | target | tst.js:389:18:389:30 | target.taint7 | provenance | |
| tst.js:391:3:391:8 | [post update] target [taint8] | tst.js:391:19:391:24 | target [taint8] | provenance | |
| tst.js:391:3:391:8 | [post update] target [taint8] | tst.js:392:18:392:23 | target [taint8] | provenance | |
| tst.js:391:19:391:24 | target | tst.js:391:19:391:31 | target.taint8 | provenance | |
| tst.js:391:19:391:24 | target [taint8] | tst.js:391:19:391:31 | target.taint8 | provenance | |
| tst.js:391:19:391:31 | target.taint8 | tst.js:391:3:391:8 | [post update] target [taint8] | provenance | |
| tst.js:392:18:392:23 | target [taint8] | tst.js:392:18:392:30 | target.taint8 | provenance | |
| tst.js:399:7:399:46 | payload | tst.js:400:18:400:24 | payload | provenance | |
| tst.js:399:17:399:36 | window.location.hash | tst.js:399:17:399:46 | window. ... bstr(1) | provenance | |
| tst.js:399:17:399:36 | window.location.hash | tst.js:399:17:399:46 | window. ... bstr(1) | provenance | Config |
| tst.js:399:17:399:46 | window. ... bstr(1) | tst.js:399:7:399:46 | payload | provenance | |
| tst.js:402:7:402:55 | match | tst.js:404:20:404:24 | match | provenance | |
| tst.js:402:15:402:34 | window.location.hash | tst.js:402:15:402:55 | window. ... (\\w+)/) | provenance | |
| tst.js:402:15:402:55 | window. ... (\\w+)/) | tst.js:402:7:402:55 | match | provenance | |
| tst.js:404:20:404:24 | match | tst.js:404:20:404:27 | match[1] | provenance | |
| tst.js:407:18:407:37 | window.location.hash | tst.js:407:18:407:48 | window. ... it('#') [1] | provenance | Config |
| tst.js:407:18:407:48 | window. ... it('#') [1] | tst.js:407:18:407:51 | window. ... '#')[1] | provenance | |
| tst.js:411:7:411:39 | target | tst.js:413:18:413:23 | target | provenance | |
| tst.js:411:16:411:39 | documen ... .search | tst.js:411:7:411:39 | target | provenance | |
| tst.js:413:18:413:23 | target | tst.js:413:18:413:89 | target. ... data>') | provenance | |
| tst.js:419:6:419:38 | source | tst.js:423:28:423:33 | source | provenance | |
| tst.js:419:6:419:38 | source | tst.js:424:33:424:38 | source | provenance | |
| tst.js:419:6:419:38 | source | tst.js:425:34:425:39 | source | provenance | |
| tst.js:419:6:419:38 | source | tst.js:426:41:426:46 | source | provenance | |
| tst.js:419:6:419:38 | source | tst.js:427:44:427:49 | source | provenance | |
| tst.js:419:6:419:38 | source | tst.js:428:32:428:37 | source | provenance | |
| tst.js:419:15:419:38 | documen ... .search | tst.js:419:6:419:38 | source | provenance | |
| tst.js:436:7:436:39 | source | tst.js:438:18:438:23 | source | provenance | |
| tst.js:436:7:436:39 | source | tst.js:439:36:439:41 | source | provenance | |
| tst.js:436:16:436:39 | documen ... .search | tst.js:436:7:436:39 | source | provenance | |
| tst.js:439:36:439:41 | source | tst.js:439:18:439:42 | ansiToH ... source) | provenance | |
| tst.js:443:6:443:38 | source | tst.js:446:21:446:26 | source | provenance | |
| tst.js:443:6:443:38 | source | tst.js:448:19:448:24 | source | provenance | |
| tst.js:443:6:443:38 | source | tst.js:450:20:450:25 | source | provenance | |
| tst.js:443:15:443:38 | documen ... .search | tst.js:443:6:443:38 | source | provenance | |
| tst.js:454:7:454:46 | url | tst.js:456:19:456:21 | url | provenance | |
| tst.js:454:7:454:46 | url | tst.js:457:26:457:28 | url | provenance | |
| tst.js:454:7:454:46 | url | tst.js:458:25:458:27 | url | provenance | |
| tst.js:454:7:454:46 | url | tst.js:459:20:459:22 | url | provenance | |
| tst.js:454:7:454:46 | url | tst.js:469:22:469:24 | url | provenance | |
| tst.js:454:13:454:36 | documen ... .search | tst.js:454:13:454:46 | documen ... bstr(1) | provenance | Config |
| tst.js:454:13:454:46 | documen ... bstr(1) | tst.js:454:7:454:46 | url | provenance | |
| tst.js:474:23:474:35 | location.hash | tst.js:474:23:474:45 | locatio ... bstr(1) | provenance | Config |
| tst.js:477:18:477:30 | location.hash | tst.js:477:18:477:40 | locatio ... bstr(1) | provenance | Config |
| tst.js:484:43:484:62 | window.location.hash | tst.js:484:33:484:63 | decodeU ... n.hash) | provenance | |
| tst.js:491:7:491:39 | target | tst.js:492:18:492:23 | target | provenance | |
| tst.js:491:16:491:39 | documen ... .search | tst.js:491:7:491:39 | target | provenance | |
| tst.js:492:18:492:23 | target | tst.js:492:18:492:54 | target. ... "), '') | provenance | |
| tst.js:498:7:498:26 | source | tst.js:499:27:499:32 | source | provenance | |
| tst.js:498:16:498:26 | window.name | tst.js:498:7:498:26 | source | provenance | |
| tst.js:499:27:499:32 | source | tst.js:499:18:499:33 | unescape(source) | provenance | |
| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | provenance | |
| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | provenance | |
| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | provenance | |
| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | |
| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | provenance | |
| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | provenance | |
| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | provenance | |
| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | provenance | |
| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | provenance | |
| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:7:14:7:20 | tainted | provenance | |
| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:9:19:9:25 | tainted | provenance | |
| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:10:16:10:22 | tainted | provenance | |
| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | provenance | |
| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | provenance | |
| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | provenance | |
| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | provenance | Config |
| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | provenance | Config |
| various-concat-obfuscations.js:6:4:6:26 | "<div>" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | provenance | |
| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "<div>" ... ainted) | provenance | Config |
| various-concat-obfuscations.js:7:4:7:31 | ["<div> ... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | provenance | |
| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["<div> ... /div>"] | provenance | Config |
| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "<div i ... "\\"/>" | provenance | Config |
| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | provenance | Config |
| various-concat-obfuscations.js:11:4:11:31 | "<div i ... ainted) | various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | provenance | |
| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "<div i ... ainted) | provenance | Config |
| various-concat-obfuscations.js:12:4:12:34 | ["<div ... "\\"/>"] | various-concat-obfuscations.js:12:4:12:41 | ["<div ... .join() | provenance | |
| various-concat-obfuscations.js:12:19:12:25 | tainted | various-concat-obfuscations.js:12:4:12:34 | ["<div ... "\\"/>"] | provenance | Config |
| various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:28:15:32 | attrs | provenance | |
| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | various-concat-obfuscations.js:15:10:15:83 | '<div a ... </div>' | provenance | Config |
| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | provenance | |
| various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:32:18:36 | attrs | provenance | |
| various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | provenance | |
| various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | provenance | |
| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | provenance | |
| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | provenance | Config |
| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | provenance | |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | provenance | |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | provenance | Config |
| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | provenance | |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | provenance | |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | provenance | Config |
| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | provenance | |
| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | provenance | |
| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | provenance | |
| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | provenance | Config |
| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | provenance | |
| xmlRequest.js:8:13:8:47 | json | xmlRequest.js:9:28:9:31 | json | provenance | |
| xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | xmlRequest.js:8:13:8:47 | json | provenance | |
| xmlRequest.js:8:31:8:46 | xhr.responseText | xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | provenance | |
| xmlRequest.js:9:28:9:31 | json | xmlRequest.js:9:28:9:39 | json.message | provenance | |
| xmlRequest.js:20:11:20:48 | resp | xmlRequest.js:21:29:21:32 | resp | provenance | |
| xmlRequest.js:20:18:20:48 | await g ... rl }}") | xmlRequest.js:20:11:20:48 | resp | provenance | |
| xmlRequest.js:20:24:20:48 | got.get ... rl }}") | xmlRequest.js:20:18:20:48 | await g ... rl }}") | provenance | |
| xmlRequest.js:21:11:21:38 | json | xmlRequest.js:22:24:22:27 | json | provenance | |
| xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | xmlRequest.js:21:11:21:38 | json | provenance | |
| xmlRequest.js:21:29:21:32 | resp | xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | provenance | |
| xmlRequest.js:22:24:22:27 | json | xmlRequest.js:22:24:22:35 | json.message | provenance | |
subpaths
| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) |
| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) |
| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) |
| tooltip.jsx:18:51:18:57 | provide [source] | tooltip.jsx:23:38:23:43 | source | tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() |
| tst.js:34:20:34:43 | documen ... .search | tst.js:31:14:31:14 | x | tst.js:32:10:32:10 | x | tst.js:34:16:34:44 | baz(doc ... search) |
| tst.js:39:21:39:44 | documen ... .search | tst.js:36:15:36:15 | s | tst.js:37:10:37:31 | "<div>" ... </div>" | tst.js:39:16:39:45 | wrap(do ... search) |
| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:46:16:46:45 | chop(do ... search) |
| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:46:16:46:45 | chop(do ... search) |
| tst.js:46:21:46:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:46:16:46:45 | chop(do ... search) |
| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:47:16:47:45 | chop(do ... search) |
| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:47:16:47:45 | chop(do ... search) |
| tst.js:47:21:47:44 | documen ... .search | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:47:16:47:45 | chop(do ... search) |
| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | tst.js:37:10:37:31 | "<div>" ... </div>" | tst.js:48:16:48:32 | wrap(chop(bar())) |
| tst.js:48:21:48:31 | chop(bar()) | tst.js:36:15:36:15 | s | tst.js:37:10:37:31 | "<div>" ... </div>" | tst.js:48:16:48:32 | wrap(chop(bar())) |
| tst.js:48:26:48:30 | bar() | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:48:21:48:31 | chop(bar()) |
| tst.js:48:26:48:30 | bar() | tst.js:41:15:41:15 | s | tst.js:43:12:43:22 | s.substr(1) | tst.js:48:21:48:31 | chop(bar()) |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:10:15:83 | '<div a ... </div>' | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) |
#select
| hana.js:11:37:11:51 | rows[0].comment | hana.js:11:37:11:40 | rows | hana.js:11:37:11:51 | rows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:11:37:11:40 | rows | user-provided value |
| hana.js:16:37:16:51 | rows[0].comment | hana.js:16:37:16:40 | rows | hana.js:16:37:16:51 | rows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:16:37:16:40 | rows | user-provided value |
| hana.js:19:37:19:51 | rows[0].comment | hana.js:19:37:19:40 | rows | hana.js:19:37:19:51 | rows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:19:37:19:40 | rows | user-provided value |
| hana.js:22:37:22:49 | rs[0].comment | hana.js:22:37:22:38 | rs | hana.js:22:37:22:49 | rs[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:22:37:22:38 | rs | user-provided value |
| hana.js:38:31:38:43 | rs[0].comment | hana.js:38:31:38:32 | rs | hana.js:38:31:38:43 | rs[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:38:31:38:32 | rs | user-provided value |
| hana.js:43:33:43:52 | dummyRows[0].comment | hana.js:43:33:43:41 | dummyRows | hana.js:43:33:43:52 | dummyRows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:43:33:43:41 | dummyRows | user-provided value |
| hana.js:44:33:44:53 | tablesR ... comment | hana.js:44:33:44:42 | tablesRows | hana.js:44:33:44:53 | tablesR ... comment | Cross-site scripting vulnerability due to $@. | hana.js:44:33:44:42 | tablesRows | user-provided value |
| hana.js:50:33:50:52 | dummyRows[0].comment | hana.js:50:33:50:41 | dummyRows | hana.js:50:33:50:52 | dummyRows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:50:33:50:41 | dummyRows | user-provided value |
| hana.js:51:33:51:53 | tablesR ... comment | hana.js:51:33:51:42 | tablesRows | hana.js:51:33:51:53 | tablesR ... comment | Cross-site scripting vulnerability due to $@. | hana.js:51:33:51:42 | tablesRows | user-provided value |
| hana.js:70:33:70:47 | rows[0].comment | hana.js:70:33:70:36 | rows | hana.js:70:33:70:47 | rows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:70:33:70:36 | rows | user-provided value |
| hana.js:73:33:73:47 | rows[0].comment | hana.js:73:33:73:36 | rows | hana.js:73:33:73:47 | rows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:73:33:73:36 | rows | user-provided value |
| hana.js:84:35:84:54 | dummyRows[0].comment | hana.js:84:35:84:43 | dummyRows | hana.js:84:35:84:54 | dummyRows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:84:35:84:43 | dummyRows | user-provided value |
| hana.js:85:35:85:54 | tableRows[0].comment | hana.js:85:35:85:43 | tableRows | hana.js:85:35:85:54 | tableRows[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:85:35:85:43 | tableRows | user-provided value |
| hana.js:90:33:90:45 | rs[0].comment | hana.js:90:33:90:34 | rs | hana.js:90:33:90:45 | rs[0].comment | Cross-site scripting vulnerability due to $@. | hana.js:90:33:90:34 | rs | user-provided value |
| jwt.js:6:14:6:20 | decoded | jwt.js:4:36:4:39 | data | jwt.js:6:14:6:20 | decoded | Cross-site scripting vulnerability due to $@. | jwt.js:4:36:4:39 | data | user-provided value |
| typeahead.js:10:16:10:18 | loc | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | Cross-site scripting vulnerability due to $@. | typeahead.js:9:28:9:30 | loc | user-provided value |
| xmlRequest.js:9:28:9:39 | json.message | xmlRequest.js:8:31:8:46 | xhr.responseText | xmlRequest.js:9:28:9:39 | json.message | Cross-site scripting vulnerability due to $@. | xmlRequest.js:8:31:8:46 | xhr.responseText | user-provided value |
| xmlRequest.js:22:24:22:35 | json.message | xmlRequest.js:20:24:20:48 | got.get ... rl }}") | xmlRequest.js:22:24:22:35 | json.message | Cross-site scripting vulnerability due to $@. | xmlRequest.js:20:24:20:48 | got.get ... rl }}") | user-provided value |
Reference in New Issue View Git Blame Copy Permalink