False positive: XSS when MimeType.TEXT has been set

[JLLeitschuh]

Description of the false positive

tez-common/src/main/java/org/apache/tez/common/web/ProfileOutputServlet.java:63

URL to the alert on GitHub code scanning (optional)

https://github.com/OSS-Security-Assessments/apache__tez/security/code-scanning/16

False positive of Cross-Site Scripting because the content-type in the response has been set to MimeType.TEXT

[aibaars]

Thanks for reporting. That's indeed a false positive. I'll ask the team to have a look.