]> Lady’s Gitweb - Gitweb/commit
Lady’s Gitweb / Gitweb / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e0794c8)
gitweb: escape link body in format_ref_marker
authorAndreas Brauchli <redacted>
Fri, 29 Jul 2016 14:49:37 +0000 (16:49 +0200)
committerLady <redacted>
Mon, 6 Apr 2026 04:51:32 +0000 (00:51 -0400)
commitfcd046648df5126917fdf5fec3b324fe8913296a5912ee6b76954fb3f3d127eb
tree637cc88dd6fd38de4f502718b638e0710c77310e71431074a70d0552ac89bf81tree | snapshot
parente0794c82b3b3769fd4c646ba0c7613f28b3983b5c45c016948b9b29c6dffc7f8commit | diff
gitweb: escape link body in format_ref_marker

Fix a case where an html link can be generated from unescaped input
resulting in invalid strict xhtml or potentially injected code.

An overview of a repo with a tag "1.0.0&0.0.1" would previously result
in an unescaped ampersand in the link body.

Signed-off-by: Andreas Brauchli <redacted>
Acked-by: Jakub Narębski <redacted>
Signed-off-by: Junio C Hamano <redacted>
gitweb.perl diff | blob | history
🐙🌐 Git·web: A C·G·I script for rendering Git repositories
This page took 0.153758 seconds and 4 git commands to generate.