On Sat, 4 Jul 2011, Matt McCutchen wrote: > On Sat, 2011-06-04 at 10:43 +0200, Jakub Narebski wrote: > > The fact that it this buglet was present for so long, since its > > introduction by Matt McCutchen in 7e1100e (gitweb: add $prevent_xss > > option to prevent XSS by repository content, 2009-02-07) without > > complaint shows that not many people are using this feature... Well, and the fact that it is just minor issue (and might not be visible at all if there is mime.types file, and text files do use mime.types extensions). > Yes. Well, I'm still using it, and I found a few mentions on the web: > > https://android.git.kernel.org/?p=tools/gerrit.git;a=blob;f=gerrit-httpd/src/main/java/com/google/gerrit/httpd/gitweb/GitWebServlet.java;h=947fbb423f1f8cf46db9876f4b80c600cdf9ee41;hb=HEAD#l193 > http://ao2.it/wiki/How_to_setup_a_GIT_server_with_gitosis_and_gitweb > http://www.digitalfoo.net/posts/2009/11/git,_gitosis,_gitweb_on_FreeBSD/ Thanks for research. Nice to know. > And there are probably others who did their own custom things (GitHub?) > before the feature was added upstream. GitHub does not use gitweb, but its own [integrated] custom web interface. -- Jakub Narebski Poland -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html