| commit | 0f0ecf68b31303de7cb428554e27d433fe62180e | |
| author | Jeff King <peff@peff.net> | |
| Mon, 12 Nov 2012 21:34:28 +0000 (12 16:34 -0500) | ||
| committer | Jeff King <peff@peff.net> | |
| Mon, 12 Nov 2012 21:34:53 +0000 (12 16:34 -0500) | ||
| tree | d1f8f5902fb5ff6dd45ba21e6fce2a5d6e7f185d | treesnapshot (tar.gz zip) |
| parent | 7e2010537e96d0a1144520222f20ba1dc3d61441 | commitdiff |
gitweb: escape html in rss title
The title of an RSS feed is generated from many components,
including the filename provided as a query parameter, but we
failed to quote it. Besides showing the wrong output, this
is a vector for XSS attacks.
Signed-off-by: Jeff King <peff@peff.net>
The title of an RSS feed is generated from many components,
including the filename provided as a query parameter, but we
failed to quote it. Besides showing the wrong output, this
is a vector for XSS attacks.
Signed-off-by: Jeff King <peff@peff.net>
| gitweb/gitweb.perl | diffblobblamehistory | |
| t/t9502-gitweb-standalone-parse-output.sh | diffblobblamehistory |