W dniu 29.07.2016 o 16:49, Andreas Brauchli pisze:
> Fix a case where an html link can be generated from unescaped input
> resulting in invalid strict xhtml or potentially injected code.
>
> An overview of a repo with a tag "1.0.0&0.0.1" would previously result
> in an unescaped amperstand in the link body.
s/amperstand/ampersand/
^---------------- [ spurious 't' ]
Unescaped ampersand would cause trouble if gitweb output is in XHTML
mode, as some web browsers are strict about validating XML, and do not
display anything (note: this detail is unnecessary in the commit
message).
I guess that "1.0.0&0.0.1" tags are something encountered in real
repositories, while "1<b>2" would be just something evil...
>
> Signed-off-by: Andreas Brauchli <a.brauchli@xxxxxxxxxxxxxxx>
Good catch!
Acked-by: Jakub Narębski <jnareb@xxxxxxxxx>
> ---
> gitweb/gitweb.perl | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
> index 2fddf75..33d701d 100755
> --- a/gitweb/gitweb.perl
> +++ b/gitweb/gitweb.perl
> @@ -2090,7 +2090,7 @@ sub format_ref_marker {
> -href => href(
> action=>$dest_action,
> hash=>$dest
> - )}, $name);
> + )}, esc_html($name));
>
> $markers .= " <span
> class=\"".esc_attr($class)."\" title=\"".esc_attr($ref)."\">" .
> $link . "</span>";
>
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html