]> Lady’s Gitweb - Gitweb/commit
Lady’s Gitweb / Gitweb / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1ae1a4c)
gitweb: escape html in rss title
authorJeff King <redacted>
Mon, 12 Nov 2012 21:34:28 +0000 (16:34 -0500)
committerLady <redacted>
Mon, 6 Apr 2026 04:51:32 +0000 (00:51 -0400)
commitf3ddf5b87f42b68fad2aebdbbae36f5429051434461615ec57f828442f1c5259
treeb80572c3f8dd8edc99bd6aab64326a7171182c9f6026f1ea4b804815dac7e736tree | snapshot
parent1ae1a4ccaaa9b33e4a82d4c263e0f542e69432cd82e2f361c35858a3dafdbb7dcommit | diff
gitweb: escape html in rss title

The title of an RSS feed is generated from many components,
including the filename provided as a query parameter, but we
failed to quote it.  Besides showing the wrong output, this
is a vector for XSS attacks.

Signed-off-by: Jeff King <redacted>
gitweb.perl diff | blob | history
🐙🌐 Git·web: A C·G·I script for rendering Git repositories
This page took 0.219474 seconds and 5 git commands to generate.