diff --git a/javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md b/javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md
index d7b5116fe1e..e39d82695de 100644
--- a/javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md
+++ b/javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md
@@ -1,5 +1,5 @@
 ---
 category: minorAnalysis
 ---
-* `new Response(x)` is not longer seen as a reflected XSS sink when no`content-type` header
+* `new Response(x)` is not longer seen as a reflected XSS sink when no `content-type` header
 is set, since the content type defaults to `text/plain`.
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js
index 5d802709410..87ed6d826a6 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js
+++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js
@@ -1,6 +1,6 @@
 const express = require('express');
-// Note: We're using express for the taint source in order to to test 'Response'
+// Note: We're using express for the taint source in order to test 'Response'
 // in isolation from the more complicated http frameworks.
 express().get('/foo', (req) => {