hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 13:11:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #20918 from asgerf/js/response-default-content-type

Browse Source 
JS: Handle default 'content-type' header in Response() objects
This commit is contained in:
Asger F
2026-01-13 10:34:40 +01:00
committed by GitHub
parent f5b13db4ea bde983b66d
commit ca52fe59e8
5 changed files with 25 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
---
* `new Response(x)` is no longer seen as a reflected XSS sink when no `content-type` header
is set, since the content type defaults to `text/plain`.