Update basic-xss-prober.yaml
IMHO its better to test for text/html to report a possible XSS, there are a more content types that could cause reflect the content and dont have a XSS. like javascript, css, plaintext files, etc.patch-1
parent
18e4552cab
commit
35b585fc3a
|
@ -21,6 +21,5 @@ requests:
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "application/json"
|
- "text/html"
|
||||||
part: header
|
part: header
|
||||||
negative: true
|
|
Loading…
Reference in New Issue