File tree Expand file tree Collapse file tree 1 file changed +8
-8
lines changed
javascript/ql/lib/semmle/javascript/security/dataflow Expand file tree Collapse file tree 1 file changed +8
-8
lines changed Original file line number Diff line number Diff line change @@ -41,6 +41,14 @@ module ReflectedXss {
4141 )
4242 }
4343
44+ /**
45+ * DEPRECATED: Holds if `h` may send a response with a content type other than HTML.
46+ */
47+ deprecated Http:: HeaderDefinition nonHtmlContentTypeHeader ( Http:: RouteHandler h ) {
48+ result = h .getAResponseHeader ( "content-type" ) and
49+ not exists ( string tp | result .defines ( "content-type" , tp ) | tp .regexpMatch ( "(?i).*html.*" ) )
50+ }
51+
4452 /**
4553 * Gets a HeaderDefinition that defines a XSS safe content-type for `send`.
4654 */
@@ -67,14 +75,6 @@ module ReflectedXss {
6775 ]
6876 }
6977
70- /**
71- * DEPRECATED: Holds if `h` may send a response with a content type other than HTML.
72- */
73- deprecated Http:: HeaderDefinition nonHtmlContentTypeHeader ( Http:: RouteHandler h ) {
74- result = h .getAResponseHeader ( "content-type" ) and
75- not exists ( string tp | result .defines ( "content-type" , tp ) | tp .regexpMatch ( "(?i).*html.*" ) )
76- }
77-
7878 /**
7979 * Holds if `h` may send a response with a content type that is safe for XSS.
8080 */
You can’t perform that action at this time.
0 commit comments