JS: Clarify that strings are case insensitive by default

asgerf · asgerf · commit 9cf48fc8042b · 2022-06-28T10:09:56.000+02:00
diff --git a/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.qhelp b/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.qhelp
@@ -7,6 +7,7 @@
 <p>
 Using a case-sensitive regular expression path in a middleware route enables an attacker to bypass that middleware
 when accessing an endpoint with a case-insensitive path.
+Paths specified using a string are case insensitive, whereas regular expressions are case sensitive by default.
 </p>
 </overview>
 
