Skip to content

Commit 2c4b352

Browse files
NapalysNapalys
committed
Added change note
1 parent 678eccb commit 2c4b352

File tree

1 file changed

+5
-0
lines changed

1 file changed

+5
-0
lines changed

javascript/ql/lib/change-notes/2025-04-11-nextrequest.md

+5
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`.
5+
* Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`.

0 commit comments

Comments
 (0)