Lady’s Gitweb - Gitweb/commit
gitweb: Introduce esc_attr to escape attributes of HTML elements
author Jakub Narebski <redacted>
Tue, 14 Dec 2010 23:34:01 +0000 (00:34 +0100)
committer Lady <redacted>
Mon, 6 Apr 2026 04:51:30 +0000 (00:51 -0400)
commit bd8505d5f7b593d93930a15c9f2fec92086afcc09522fd394411cd6ffddb64eb
tree d629a2a94e38214f858073e188bb692410b601483dbbabeec4a4680d393cf860
parent 7d13b118d884ee26d141ea545aca0b70d9baa0fee873234d6f5e385af21bb1dd
gitweb: Introduce esc_attr to escape attributes of HTML elements

It is needed only to escape attributes of handcrafted HTML elements,
and not those generated using CGI.pm subroutines / methods for HTML
generation.

While at it, add esc_url and esc_html where needed, and prefer to use
CGI.pm HTML generating methods than handcrafted HTML code.  Most of
those are probably unnecessary (could be exploited only by person with
write access to gitweb config, or at least access to the repository).

This fixes CVE-2010-3906

Reported-by: Emanuele Gentili <redacted>
Helped-by: John 'Warthog9' Hawley <redacted>
Helped-by: Jonathan Nieder <redacted>
Signed-off-by: Jakub Narebski <redacted>
Signed-off-by: Junio C Hamano <redacted>
gitweb.perl
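
The commit message's point about handcrafted HTML, as an added example that is not gitweb's code: a value interpolated into a hand-written attribute must be escaped by the caller, since nothing else does it. The helper name `escape_attr_value` and the sample string are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not gitweb's esc_attr): escape the characters that
# can end a quoted attribute value or start new markup.
sub escape_attr_value {
    my ($value) = @_;
    return '' unless defined $value;
    my %entity = (
        '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
        '"' => '&quot;', "'" => '&#39;',
    );
    $value =~ s/([&<>"'])/$entity{$1}/g;
    return $value;
}

# Constructed sample: a repository-controlled string such as a description.
my $description = q{My "fast" <tool> & more};

# Handcrafted element, value interpolated as-is: the first '"' in the
# data closes the title attribute and the rest is parsed as markup.
my $unsafe = qq{<span title="$description">project</span>};

# Same element with the value escaped before interpolation.
my $safe = sprintf '<span title="%s">project</span>',
    escape_attr_value($description);

print "unescaped: $unsafe\n";
print "escaped:   $safe\n";

# Check: the escaped value contains none of the raw delimiter characters.
die "attribute value still contains raw delimiters\n"
    if escape_attr_value($description) =~ /[<>"']/;
```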