javascript/ql/src/semmle/javascript/security/dataflow Expand file tree Collapse file tree 1 file changed +3
-2
lines changed Original file line number Diff line number Diff line change @@ -319,7 +319,7 @@ module ReflectedXss {
319319 send .getRouteHandler ( ) = h and
320320 result = nonHtmlContentTypeHeader ( h )
321321 |
322- // not the case that the control just exists without potentially going to the worksFor.
322+ // The HeaderDefinition affects a response sent at `send`.
323323 not isIrrelevantFor ( result , send )
324324 )
325325 }
@@ -333,9 +333,10 @@ module ReflectedXss {
333333 }
334334
335335 /**
336- * Holds if a header set in `header` is unlikely to affect a resonse send in `sender`.
336+ * Holds if a header set in `header` is unlikely to affect a response sent at `sender`.
337337 */
338338 predicate isIrrelevantFor ( HTTP:: HeaderDefinition header , HTTP:: ResponseSendArgument sender ) {
339+ sender .getRouteHandler ( ) = header .getRouteHandler ( ) and
339340 not header .getBasicBlock ( ) .getASuccessor * ( ) = sender .getBasicBlock ( ) and
340341 not sender .getBasicBlock ( ) .getASuccessor * ( ) = header .getBasicBlock ( ) and
341342 (
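Review bot: The QLDoc on `isIrrelevantFor` no longer describes the predicate, because the added `sender.getRouteHandler() = header.getRouteHandler()` conjunct means it now holds only for a header and a send in the same route handler. A pair from different handlers is therefore never "irrelevant", which reads backwards. This matters because the first hunk uses `not isIrrelevantFor(result, send)` to decide that a non-HTML content type covers the send, which suppresses a reflected-XSS result. That caller constrains `send.getRouteHandler() = h` itself, but any other use of the negation would accept cross-handler pairs, assuming nothing else restricts them. I would state the precondition in the doc comment, along the lines of `Holds if header and sender are in the same route handler, but the header is unlikely to affect a response sent at sender.` The predicate body continues past the end of the hunk, so the remaining conditions are not visible here.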