diff --git a/go/ql/lib/semmle/go/security/Xss.qll b/go/ql/lib/semmle/go/security/Xss.qll
index 3c76ffbeea2e..f11dc12bf763 100644
--- a/go/ql/lib/semmle/go/security/Xss.qll
+++ b/go/ql/lib/semmle/go/security/Xss.qll
@@ -49,6 +49,10 @@ module SharedXss {
     override Locatable getAssociatedLoc() { result = this.getRead().getEnclosingTextNode() }
   }
 
+  private class DefaultSink extends Sink {
+    DefaultSink() { sinkNode(this, ["html-injection", "js-injection"]) }
+  }
+
   /**
    * Holds if `body` may send a response with a content type other than HTML.
    */