diff options
author | Andreas Brauchli <a.brauchli@elementarea.net> | 2016-07-29 16:49:37 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-08-01 12:55:40 -0700 |
commit | 77947bbe24e0306d1ce5605c962c4a25f5aca22f (patch) | |
tree | 008a9810b413fb41071fba1829c93d335f216cf2 /gitweb | |
parent | 0b65a8dbdb38962e700ee16776a3042beb489060 (diff) | |
download | git-77947bbe24e0306d1ce5605c962c4a25f5aca22f.tar.gz |
gitweb: escape link body in format_ref_markerab/gitweb-link-html-escape
Fix a case where an html link can be generated from unescaped input
resulting in invalid strict xhtml or potentially injected code.
An overview of a repo with a tag "1.0.0&0.0.1" would previously result
in an unescaped ampersand in the link body.
Signed-off-by: Andreas Brauchli <a.brauchli@elementarea.net>
Acked-by: Jakub Narębski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'gitweb')
-rwxr-xr-x | gitweb/gitweb.perl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 2fddf750fa..33d701d852 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -2090,7 +2090,7 @@ sub format_ref_marker { -href => href( action=>$dest_action, hash=>$dest - )}, $name); + )}, esc_html($name)); $markers .= " <span class=\"".esc_attr($class)."\" title=\"".esc_attr($ref)."\">" . $link . "</span>"; |