On Wed, Sep 1, 2010 at 10:00, Joshua Juran <jjuran@xxxxxxxxx> wrote:
> On Sep 1, 2010, at 2:46 AM, Ævar Arnfjörð Bjarmason wrote:
>
>> On Wed, Sep 1, 2010 at 09:32, Shivdas Gujare <shivdas.tech@xxxxxxxxx>
>> wrote:
>>
>>> I hope, this is the right mailing list for cgit as well.
>>> I am trying to add some "html logs" inside cgit, but I can't open
>>> these logs via cgit inside firefox, i.e. cgit open every files in
>>> "plain" format,
>>> would like to know if it is possible to open "html" pages inside cgit
>>> so that if I click on html page added into git, it opens in html and
>>> not in plain format.
>>>
>>> for example:
>>> if I click on "download.html" from
>>> "http://cgit.freedesktop.org/~lb/mesa/tree/docs" it shows a raw file
>>> as "http://cgit.freedesktop.org/~lb/mesa/tree/docs/download.html"
>>> and if I click on "plain" it opens in firefox like
>>> "http://cgit.freedesktop.org/~lb/mesa/plain/docs/download.html"
>>> but here I am trying to open this "download.html" inside cgit so that
>>> I can view it like html web page and not as "plain" text file.
>>>
>>> Thanks for any help or pointers.
>>
>> I don't know, but that's probably deliberate. You're viewing a /plain/
>> link, which should be the equivalent of "git show".
>>
>> There's also XSS security implications to serving things as text/html
>> on a shared hosting site if the main site serves cookies or otherwise
>> has user logins.
>
> One solution is parse the content server-side and re-render as sanitized
> HTML. In addition to stripping out scripts and frames, this would avoid
> sending broken markup produced by someone else under your name, or serving
> up otherwise well-formed XHTML as text/html.

Yes, but have you seen programs that try to secure arbitrary user-supplied HTML like this? It isn't pretty, and very hard to get right.
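An added example, not part of the thread and not cgit's code: one way a repository browser can choose response headers for a raw file so that committed HTML is shown as source instead of running in the hosting site's origin, which avoids the sanitizing approach discussed above. The function names, the allow-list of passive types and the sample file are assumptions of this sketch.

```python
import posixpath

# Extensions served with their real type because browsers render them
# passively. This allow-list is an assumption of the example.
PASSIVE_TYPES = {
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".gif": "image/gif",
}


def looks_like_text(blob: bytes) -> bool:
    """Treat NUL-free, valid UTF-8 as text."""
    if b"\x00" in blob:
        return False
    try:
        blob.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def raw_blob_headers(path: str, blob: bytes) -> dict:
    """Headers for one repository file served from the site's own origin."""
    ext = posixpath.splitext(path)[1].lower()
    headers = {
        # Keep the browser from sniffing text/plain back into HTML.
        "X-Content-Type-Options": "nosniff",
        # If the body is rendered anyway: no scripts, opaque origin.
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    if ext in PASSIVE_TYPES:
        headers["Content-Type"] = PASSIVE_TYPES[ext]
    elif looks_like_text(blob):
        # .html, .xhtml, .svg and similar land here: shown as source, not run.
        headers["Content-Type"] = "text/plain; charset=utf-8"
    else:
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = "attachment"
    return headers


# Constructed sample: an HTML file committed to a hosted repository.
SAMPLE_HTML = b"<html><body><script>/* would run as the site */</script></body></html>"
```

Serving rendered HTML from a separate origin that carries no cookies or logins is the other common way to address the concern raised in the thread; it is not shown here.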