W dniu 29.07.2016 o 16:49, Andreas Brauchli pisze:
> Fix a case where an html link can be generated from unescaped input
> resulting in invalid strict xhtml or potentially injected code.
> 
> An overview of a repo with a tag "1.0.0&0.0.1" would previously result
> in an unescaped amperstand in the link body.

s/amperstand/ampersand/
        ^---------------- [ spurious 't' ]

Unescaped ampersand would cause trouble if gitweb output is in XHTML
mode, as some web browsers are strict about validating XML, and do not
display anything (note: this detail is unnecessary in the commit
message).

I guess that "1.0.0&0.0.1" tags are something encountered in real
repositories, while "1<b>2" would be just something evil...

> 
> Signed-off-by: Andreas Brauchli <a.brauc...@elementarea.net>

Good catch!

Acked-by: Jakub Narębski <jna...@gmail.com>

> ---
>  gitweb/gitweb.perl | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
> index 2fddf75..33d701d 100755
> --- a/gitweb/gitweb.perl
> +++ b/gitweb/gitweb.perl
> @@ -2090,7 +2090,7 @@ sub format_ref_marker {
>                                 -href => href(
>                                         action=>$dest_action,
>                                         hash=>$dest
> -                               )}, $name);
> +                               )}, esc_html($name));
> 
>                         $markers .= " <span
> class=\"".esc_attr($class)."\" title=\"".esc_attr($ref)."\">" .
>                                 $link . "</span>";
> 


--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to