Default to a string to prevent typeerror

andresriancho · Mar 27, 2019 · 97c019d · 97c019d
1 parent 06d67d5
commit 97c019d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/w3af/plugins/audit/xss.py b/w3af/plugins/audit/xss.py
@@ -176,8 +176,8 @@ def _is_json_response(self, response):
         assessments and is better explained in this stackoverflow question
         https://goo.gl/BgXVJY
         """
-        ct_options, _ = response.get_headers().iget('X-Content-Type-Options')
-        content_type, _ = response.get_headers().iget('Content-Type')
+        ct_options, _ = response.get_headers().iget('X-Content-Type-Options', '')
+        content_type, _ = response.get_headers().iget('Content-Type', '')
 
         if 'application/json' in content_type and 'nosniff' in ct_options:
             # No luck exploiting this JSON XSS