Skip to content

Commit 6ed9a67

Browse files
asgerfasgerf
committed
JS: Change note
1 parent 54606c6 commit 6ed9a67

1 file changed

Lines changed: 5 additions & 0 deletions

File tree

javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* `new Response(x)` is not longer seen as a reflected XSS sink when no`content-type` header
5+
is set, since the content type defaults to `text/plain`.

0 commit comments

Comments
 (0)