On 21/10/2007, Shawn O. Pearce <spearce@xxxxxxxxxxx> wrote:
> Nice, but...
>
> David Symonds <dsymonds@xxxxxxxxx> wrote:
> > +++ b/gitweb/gitweb.perl
> > @@ -3461,9 +3461,15 @@ sub git_shortlog_body {
> > print "<tr class=\"light\">\n";
> > }
> > $alternate ^= 1;
> > + my $author = chop_str($co{'author_name'}, 10);
> > + if ($author ne $co{'author_name'}) {
> > + $author = "<span title=\"$co{'author_name'}\">" . esc_html($author) . "</span>";
>
> Doesn't this produce invalid HTML if $co{'author_name'} has a special
> HTML character in it such as & or "? Note that " is much more likely
> as it is often used for nicknames. The old code properly escaped
> the author name, and indeed you are doing it for the abbreviated
> version but not the full version.
Sure, I'll fix it up and resend. I might even refactor some code at
the same time.
Dave.
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
