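--- a/javascript/ql/lib/semmle/javascript/security/dataflow
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow
@@ -29,12 +29,12 @@ module ReflectedXss {
 }
 
 /**
- * DEPRECATED: Gets a HeaderDefinition that defines a XSS safe content-type for `send`.
+ * DEPRECATED: Gets a HeaderDefinition that defines a non-html safe content-type for `send`.
  */
 deprecated Http:: HeaderDefinition getANonHtmlHeaderDefinition ( Http:: ResponseSendArgument send ) {
 exists ( Http:: RouteHandler h |
 send .getRouteHandler ( ) = h and
- result = xssSafeContentTypeHeader ( h )
+ result = nonHtmlContentTypeHeader ( h )
 |
 // The HeaderDefinition affects a response sent at `send`.
 headerAffects ( result , send )
@@ -72,9 +72,7 @@ module ReflectedXss {
 */
 deprecated Http:: HeaderDefinition nonHtmlContentTypeHeader ( Http:: RouteHandler h ) {
 result = h .getAResponseHeader ( "content-type" ) and
- not exists ( string tp | result .defines ( "content-type" , tp ) |
- tp .toLowerCase ( ) .matches ( xssUnsafeContentType ( ) + "%" )
- )
+ not exists ( string tp | result .defines ( "content-type" , tp ) | tp .regexpMatch ( "(?i).*html.*" ) )
 }
 
 /**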
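Review bot: The rewritten body of nonHtmlContentTypeHeader (new line 75) now decides "is HTML" by a bare substring test, `tp .regexpMatch ( "(?i).*html.*" )`, where the removed lines matched the value against the prefixes enumerated by xssUnsafeContentType(); if that predicate covered any content-type whose name does not contain "html", those responses are now classified as safe and the corresponding reflected-XSS results are silently dropped for callers of this deprecated predicate. Since the predicate is deprecated this narrowing may be intentional, but nothing in the hunk says so, and I would add above the `not exists` line: `// Deprecated approximation: any content-type mentioning "html" (e.g. text/html, application/xhtml+xml) is treated as HTML; parameters such as charset are ignored by the substring match.` The first hunk's new doc comment, `defines a non-html safe content-type`, reads as "not html-safe"; `defines a non-HTML (hence XSS-safe) content-type` would be clearer. The body of getANonHtmlHeaderDefinition in that first hunk continues outside the hunk.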