| commit | 77947bbe24e0306d1ce5605c962c4a25f5aca22f | |
| author | Andreas Brauchli <a.brauchli@elementarea.net> | |
| Fri, 29 Jul 2016 14:49:37 +0000 (29 16:49 +0200) | ||
| committer | Junio C Hamano <gitster@pobox.com> | |
| Mon, 1 Aug 2016 19:55:40 +0000 (1 12:55 -0700) | ||
| tree | 008a9810b413fb41071fba1829c93d335f216cf2 | treesnapshot (tar.gz zip) |
| parent | 0b65a8dbdb38962e700ee16776a3042beb489060 | commitdiff |
gitweb: escape link body in format_ref_marker
Fix a case where an html link can be generated from unescaped input
resulting in invalid strict xhtml or potentially injected code.
An overview of a repo with a tag "1.0.0&0.0.1" would previously result
in an unescaped ampersand in the link body.
Signed-off-by: Andreas Brauchli <a.brauchli@elementarea.net>
Acked-by: Jakub Narębski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Fix a case where an html link can be generated from unescaped input
resulting in invalid strict xhtml or potentially injected code.
An overview of a repo with a tag "1.0.0&0.0.1" would previously result
in an unescaped ampersand in the link body.
Signed-off-by: Andreas Brauchli <a.brauchli@elementarea.net>
Acked-by: Jakub Narębski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| gitweb/gitweb.perl | diffblobblamehistory |