From 77947bbe24e0306d1ce5605c962c4a25f5aca22f Mon Sep 17 00:00:00 2001 From: Andreas Brauchli Date: Fri, 29 Jul 2016 16:49:37 +0200 Subject: gitweb: escape link body in format_ref_marker MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix a case where an html link can be generated from unescaped input resulting in invalid strict xhtml or potentially injected code. An overview of a repo with a tag "1.0.0&0.0.1" would previously result in an unescaped ampersand in the link body. Signed-off-by: Andreas Brauchli Acked-by: Jakub Narębski Signed-off-by: Junio C Hamano --- gitweb/gitweb.perl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gitweb/gitweb.perl') diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 2fddf750f..33d701d85 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -2090,7 +2090,7 @@ sub format_ref_marker { -href => href( action=>$dest_action, hash=>$dest - )}, $name); + )}, esc_html($name)); $markers .= " " . $link . ""; -- cgit v1.2.1