path: root/gitweb/README
diff options
authorJunio C Hamano <>2009-02-09 06:07:53 (GMT)
committerJunio C Hamano <>2009-02-09 06:07:53 (GMT)
commitdf487baa30924a36ade38ada4f77379236dcce0f (patch)
treeeab81e8a4c2a6750fa0bf7b116720ccea7d0b7fb /gitweb/README
parenta9ee90d7ff9f3854b3096b4abbdc2013708704f5 (diff)
parent7e1100e9e939c9178b2aa3969349e9e8d34488bf (diff)
Merge branch 'maint'
* maint: gitweb: add $prevent_xss option to prevent XSS by repository content rev-list: fix showing distance when using --bisect-all
Diffstat (limited to 'gitweb/README')
1 files changed, 8 insertions, 1 deletions
diff --git a/gitweb/README b/gitweb/README
index a9dc2e5..8433dd1 100644
--- a/gitweb/README
+++ b/gitweb/README
@@ -212,6 +212,11 @@ not include variables usually directly set during build):
Rename detection options for git-diff and git-diff-tree. By default
('-M'); set it to ('-C') or ('-C', '-C') to also detect copies, or
set it to () if you don't want to have renames detection.
+ * $prevent_xss
+ If true, some gitweb features are disabled to prevent content in
+ repositories from launching cross-site scripting (XSS) attacks. Set this
+ to true if you don't trust the content of your repositories. The default
+ is false.
Projects list file format
@@ -258,7 +263,9 @@ You can use the following files in repository:
A .html file (HTML fragment) which is included on the gitweb project
summary page inside <div> block element. You can use it for longer
description of a project, to provide links (for example to project's
- homepage), etc.
+ homepage), etc. This is recognized only if XSS prevention is off
+ ($prevent_xss is false); a way to include a readme safely when XSS
+ prevention is on may be worked out in the future.
* description (or gitweb.description)
Short (shortened by default to 25 characters in the projects list page)
single line description of a project (of a repository). Plain text file;