[PATCH] Fix potential XSS vulnerability in rename hint

larsh at hjemli.net larsh at hjemli.net
Fri Jul 22 14:25:21 CEST 2011


On Fri, Jul 22, 2011 at 01:47:19PM +0200, Lukas Fleischer wrote:
> The file name displayed in the rename hint should be escaped to avoid
> XSS. Note that this vulnerability is only applicable when an attacker
> has gained push access to the repository.

Thanks, applied to stable.

--
larsh




More information about the CGit mailing list