| Field | Value | Date |
|---|---|---|
| author | Andreas Brauchli <a.brauchli@elementarea.net> | 2016-07-29 16:49:37 +0200 |
| committer | Junio C Hamano <gitster@pobox.com> | 2016-08-01 12:55:40 -0700 |
| commit | 77947bbe24e0306d1ce5605c962c4a25f5aca22f (patch) | |
| tree | 008a9810b413fb41071fba1829c93d335f216cf2 /gitweb/gitweb.perl | |
| parent | 0b65a8dbdb38962e700ee16776a3042beb489060 (diff) | |
| download | git-77947bbe24e0306d1ce5605c962c4a25f5aca22f.tar.gz | |
gitweb: escape link body in format_ref_marker (ab/gitweb-link-html-escape)
Fix a case where an html link can be generated from unescaped input
resulting in invalid strict xhtml or potentially injected code.
An overview of a repo with a tag "1.0.0&0.0.1" would previously result
in an unescaped ampersand in the link body.
Signed-off-by: Andreas Brauchli <a.brauchli@elementarea.net>
Acked-by: Jakub Narębski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'gitweb/gitweb.perl')

| Mode | File | Lines changed |
|---|---|---|
| -rwxr-xr-x | gitweb/gitweb.perl | 2 |

1 files changed, 1 insertions, 1 deletions
| diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 2fddf750fa..33d701d852 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -2090,7 +2090,7 @@ sub format_ref_marker {  				-href => href(  					action=>$dest_action,  					hash=>$dest -				)}, $name); +				)}, esc_html($name));  			$markers .= " <span class=\"".esc_attr($class)."\" title=\"".esc_attr($ref)."\">" .  				$link . "</span>"; | 
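Review bot: no regression test accompanies the fix; the diffstat shows only gitweb/gitweb.perl changed, while the commit message names a concrete reproducer (a tag "1.0.0&0.0.1"), so a gitweb test that creates that tag and asserts the rendered ref marker contains "1.0.0&amp;0.0.1" would pin this down cheaply. The escaping itself is the right split: esc_html($name) for element content sits beside the existing esc_attr($class) and esc_attr($ref) for attribute values on the following line, so text-node and attribute contexts each get the escaper that matches them.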
