]> Lady’s Gitweb - Gitweb/blobdiff - gitweb.cgi
Lady’s Gitweb / Gitweb / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
gitweb: escape tag comments
[Gitweb] / gitweb.cgi
diff --git a/gitweb.cgi b/gitweb.cgi
index 73a2763134389afb856fc127b8794fc856dbd8411515b75c99d71fee07506530..90fff76de8c4fe3cd8ce2ea31c75e38553d22d5fcf358076d4a8a08e569fcc9d 100755 (executable)
--- a/gitweb.cgi
+++ b/gitweb.cgi
@@ -1138,7 +1138,7 @@ sub git_summary {
                                      "</td>\n" .
                                      "<td>";
                                if (defined($comment)) {
-                                     print $cgi->a({-class => "list", -href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, $comment);
+                                     print $cgi->a({-class => "list", -href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, esc_html($comment));
                                }
                                print "</td>\n" .
                                      "<td class=\"link\">";
🐙🌐 Git·web: A C·G·I script for rendering Git repositories
This page took 0.25357 seconds and 4 git commands to generate.