Apply suggestions from code review

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-02-11 20:51:06 +01:00 · 2025-11-27 13:18:11 +01:00
parent 818f4815dd
commit 7c0243fc6d
2 changed files with 2 additions and 2 deletions
--- a/javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md
+++ b/javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md
@@ -1,5 +1,5 @@
 ---
 category: minorAnalysis
 ---
-* `new Response(x)` is not longer seen as a reflected XSS sink when no`content-type` header
+* `new Response(x)` is not longer seen as a reflected XSS sink when no `content-type` header
  is set, since the content type defaults to `text/plain`.
--- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js
+++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js
@@ -1,6 +1,6 @@
 const express = require('express');

-// Note: We're using express for the taint source in order to to test 'Response'
+// Note: We're using express for the taint source in order to test 'Response'
 // in isolation from the more complicated http frameworks.

 express().get('/foo', (req) => {