Closed tkurki closed 6 days ago
Replace plain res.send calls that set MIME type to text/html with res.json or set MIME type explicitly to text/plain so that there is less chance of injecting HTML content.
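The change described above, as an added example that is not code from this pull request or the project: one handler written with a plain `res.send`, then with `res.json`, then with an explicit `text/plain` type. `FakeRes`, the handler names and the `path` parameter are hypothetical; `FakeRes` is a constructed stand-in that models only Express's documented Content-Type defaulting (real Express also appends a charset).

```javascript
// Constructed stand-in for an Express response; records headers and body only.
class FakeRes {
  constructor() { this.headers = {}; this.body = undefined; }
  type(mime) { this.headers['content-type'] = mime; return this; }
  status(code) { this.statusCode = code; return this; }
  send(body) {
    // Express: a string body with no Content-Type set is sent as text/html.
    if (typeof body === 'string' && !this.headers['content-type']) {
      this.type('text/html');
    }
    this.body = body;
    return this;
  }
  json(value) {
    // Express: res.json serializes the value and sends application/json.
    if (!this.headers['content-type']) this.type('application/json');
    this.body = JSON.stringify(value);
    return this;
  }
}

// Before: request-derived text echoed through a plain res.send.
function notFoundPlainSend(req, res) {
  res.status(404).send(`No such path: ${req.params.path}`);
}

// After, option 1: structured reply via res.json.
function notFoundJson(req, res) {
  res.status(404).json({ message: `No such path: ${req.params.path}` });
}

// After, option 2: keep the text body but declare it text/plain.
function notFoundPlainText(req, res) {
  res.status(404).type('text/plain').send(`No such path: ${req.params.path}`);
}

// Run a handler against constructed input and report what a client would get.
function respond(handler, path) {
  const res = new FakeRes();
  handler({ params: { path } }, res);
  return { contentType: res.headers['content-type'], body: res.body };
}

const sample = '<b>markup</b>'; // constructed request value
for (const h of [notFoundPlainSend, notFoundJson, notFoundPlainText]) {
  console.log(h.name, respond(h, sample));
}
```

The body bytes are the same in the first and third handlers; only the declared type changes, which is what decides whether a browser parses the echoed value as markup.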