Lady’s Gitweb - Gitweb/commitdiff
gitweb: escape link body in format_ref_marker
author Andreas Brauchli <redacted>
Fri, 29 Jul 2016 14:49:37 +0000 (16:49 +0200)
committer Lady <redacted>
Mon, 6 Apr 2026 04:51:32 +0000 (00:51 -0400)
Fix a case where an HTML link can be generated from unescaped input
resulting in invalid strict XHTML or potentially injected code.

An overview of a repo with a tag "1.0.0&0.0.1" would previously result
in an unescaped ampersand in the link body.

Signed-off-by: Andreas Brauchli <redacted>
Acked-by: Jakub Narębski <redacted>
Signed-off-by: Junio C Hamano <redacted>
gitweb.perl

index c19148234ff7ae0956589878b7c0755d53399961a72f4daf712bffd18e4555e6..a17455bb84567661ef2d63304f014d72ceb091a954861f20403d2f5ba93b2a72 100755 (executable)
@@ -2091,7 +2091,7 @@ sub format_ref_marker {
                                -href => href(
                                        action=>$dest_action,
                                        hash=>$dest
-                               )}, $name);
+                               )}, esc_html($name));
 
                        $markers .= " <span class=\"".esc_attr($class)."\" title=\"".esc_attr($ref)."\">" .
                                $link . "</span>";
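Review bot: wrapping $name in esc_html() fixes the unescaped link body described in the commit message and brings this line in step with the esc_attr() calls already applied to $class and $ref in the surrounding span markup; the one remaining unescaped value visible in this hunk is the -href attribute built from href(), so confirm that href() returns attribute-safe output (or that the $cgi->a() helper escapes -href) rather than relying on the body fix alone. It would also be worth adding the "1.0.0&0.0.1" tag from the commit message as a regression case in the gitweb tests so the escaping cannot silently regress.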