aboutsummaryrefslogtreecommitdiff
path: root/patch-delta.c
diff options
context:
space:
mode:
authorJakub Narebski <jnareb@gmail.com>2011-06-30 11:39:20 +0200
committerJunio C Hamano <gitster@pobox.com>2011-06-30 11:26:39 -0700
commit86afbd02c890eca08424174b7d6e583af38b0363 (patch)
treee4efdf51b35e86e67aef5f3c01dfa1a966e46db4 /patch-delta.c
parentbee6ea17a1bab824eba6133eefc3c70b219ec98c (diff)
downloadgit-86afbd02c890eca08424174b7d6e583af38b0363.tar.gz
git-86afbd02c890eca08424174b7d6e583af38b0363.tar.xz
gitweb: Serve text/* 'blob_plain' as text/plain with $prevent_xss
One of mechanism enabled by setting $prevent_xss to true is 'blob_plain' view protection. With XSS prevention on, blobs of all types except a few known safe ones are served with "Content-Disposition: attachment" to make sure they don't run in our security domain. Instead of serving text/* type files, except text/plain (and including text/html), as attachements, downgrade it to text/plain. This way HTML pages in 'blob_plain' (raw) view would be displayed in browser, but safely as a source, and not asked to be saved. Signed-off-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'patch-delta.c')
0 files changed, 0 insertions, 0 deletions