From: Andreas Brauchli Date: Fri, 29 Jul 2016 14:49:37 +0000 (+0200) Subject: gitweb: escape link body in format_ref_marker X-Git-Url: https://git.ladys.computer/Gitweb/commitdiff_plain/fcd046648df5126917fdf5fec3b324fe8913296a5912ee6b76954fb3f3d127eb gitweb: escape link body in format_ref_marker Fix a case where an html link can be generated from unescaped input resulting in invalid strict xhtml or potentially injected code. An overview of a repo with a tag "1.0.0&0.0.1" would previously result in an unescaped ampersand in the link body. Signed-off-by: Andreas Brauchli Acked-by: Jakub Narębski Signed-off-by: Junio C Hamano --- diff --git a/gitweb.perl b/gitweb.perl index c191482..a17455b 100755 --- a/gitweb.perl +++ b/gitweb.perl @@ -2091,7 +2091,7 @@ sub format_ref_marker { -href => href( action=>$dest_action, hash=>$dest - )}, $name); + )}, esc_html($name)); $markers .= " " . $link . "";
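Review bot: the hunk escapes $name only at the one point where it becomes the link body, while the visible context (the -href => href(action=>$dest_action, hash=>$dest) attribute and the following $markers .= " " . $link . "" concatenation) does not show whether the ref name is interpolated into the marker markup anywhere else in format_ref_marker, such as an attribute on the same element; confirm that any such site is also wrapped in esc_html, otherwise a tag named "1.0.0&0.0.1" (the case given in the commit message) would still emit an unescaped ampersand there. The commit message describes the failing input but the change carries no test; a regression test that creates a ref whose name contains "&" and asserts the rendered summary page contains "&amp;" rather than a bare "&" would pin this behaviour down.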