author: Andreas Brauchli <a.brauchli@elementarea.net> 2016-07-29 14:49:37 (GMT)
committer: Junio C Hamano <gitster@pobox.com> 2016-08-01 19:55:40 (GMT)
commit: 77947bbe24e0306d1ce5605c962c4a25f5aca22f (patch)
tree: 008a9810b413fb41071fba1829c93d335f216cf2
parent: 0b65a8dbdb38962e700ee16776a3042beb489060 (diff)
download: git-77947bbe24e0306d1ce5605c962c4a25f5aca22f.zip
git-77947bbe24e0306d1ce5605c962c4a25f5aca22f.tar.gz
git-77947bbe24e0306d1ce5605c962c4a25f5aca22f.tar.bz2
gitweb: escape link body in format_ref_marker
Fix a case where an html link can be generated from unescaped input resulting in invalid strict xhtml or potentially injected code.

An overview of a repo with a tag "1.0.0&0.0.1" would previously result in an unescaped ampersand in the link body.

Signed-off-by: Andreas Brauchli <a.brauchli@elementarea.net>
Acked-by: Jakub Narębski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rwxr-xr-x gitweb/gitweb.perl 2
1 files changed, 1 insertions, 1 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 2fddf75..33d701d 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -2090,7 +2090,7 @@ sub format_ref_marker {
-href => href(
action=>$dest_action,
hash=>$dest
- )}, $name);
+ )}, esc_html($name));
$markers .= " <span class=\"".esc_attr($class)."\" title=\"".esc_attr($ref)."\">" .
$link . "</span>";
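Review bot: The one-line fix on the `+ )}, esc_html($name));` line is the right helper for text content (the surrounding context already uses `esc_attr` for the `class` and `title` attributes, and the link body needs HTML escaping rather than attribute escaping), but the patch carries no regression test. The commit message gives the exact reproducer (a tag named `1.0.0&0.0.1` showing up unescaped on the summary page), so a small addition to the gitweb test scripts under t/t95xx that creates such a tag, renders the summary view and checks that the link body contains `&amp;` would keep this from regressing if format_ref_marker is reworked later. It would also be worth a follow-up sweep of the other places in gitweb.perl where a ref name or other repository-controlled string is passed as the body of `$cgi->a(...)`, since this hunk only covers the marker link.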