Apply suggestions from code review

asgerf · Copilot · web-flow · commit 7c0243fc6dd3 · 2025-11-27T13:18:11.000+01:00
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md b/javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md
@@ -1,5 +1,5 @@
 ---
 category: minorAnalysis
 ---
-* `new Response(x)` is not longer seen as a reflected XSS sink when no`content-type` header
+* `new Response(x)` is not longer seen as a reflected XSS sink when no `content-type` header
   is set, since the content type defaults to `text/plain`.
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js
@@ -1,6 +1,6 @@
 const express = require('express');
 
-// Note: We're using express for the taint source in order to to test 'Response'
+// Note: We're using express for the taint source in order to test 'Response'
 // in isolation from the more complicated http frameworks.
 
 express().get('/foo', (req) => {
