
Commit 1781179

committed
doc fixes
1 parent c4ebd66 commit 1781179


1 file changed

+3
-2
lines changed

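--- a/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
@@ -319,7 +319,7 @@ module ReflectedXss {
 send.getRouteHandler() = h and
 result = nonHtmlContentTypeHeader(h)
 |
-// not the case that the control just exists without potentially going to the worksFor.
+// The HeaderDefinition affects a response sent at `send`.
 not isIrrelevantFor(result, send)
 )
 }
@@ -333,9 +333,10 @@ module ReflectedXss {
 }
 
 /**
-* Holds if a header set in `header` is unlikely to affect a resonse send in `sender`.
+* Holds if a header set in `header` is unlikely to affect a response sent at `sender`.
 */
 predicate isIrrelevantFor(HTTP::HeaderDefinition header, HTTP::ResponseSendArgument sender) {
+sender.getRouteHandler() = header.getRouteHandler() and
 not header.getBasicBlock().getASuccessor*() = sender.getBasicBlock() and
 not sender.getBasicBlock().getASuccessor*() = header.getBasicBlock() and
 (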
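Review bot: The added conjunct `sender.getRouteHandler() = header.getRouteHandler() and` in `isIrrelevantFor` changes what the predicate holds for, but the commit is titled "doc fixes" and the updated doc comment does not mention the new precondition. With this line the predicate can never hold for a header and a send in different route handlers, so a negated use such as `not isIrrelevantFor(result, send)` treats every cross-handler pair as relevant. The caller in the first hunk appears to bind both sides to the same handler `h`, though `nonHtmlContentTypeHeader` is not visible here, so that is an inference. Any other negated caller could let an unrelated non-HTML content-type header suppress a reflected-XSS result. I would state the precondition in the comment, for example `* Holds if header and sender belong to the same route handler and the header is unlikely to affect a response sent at sender.`, and mention the behaviour change in the commit message. The body of `isIrrelevantFor` continues past the end of the hunk, so its remaining conditions were not reviewed.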
