[PATCHv2 2/3] Add ability to authorize viewing a repository

Valentin Haenel valentin.haenel at gmx.de
Mon Oct 29 13:38:18 CET 2012


* Jason A. Donenfeld <Jason at zx2c4.com> [2012-10-28]:
> On Sat, Oct 27, 2012 at 7:00 PM, Ben Boeckel <mathstuf at gmail.com> wrote:
> >> +             cgit_print_error(fmt("Authorization failed for repo: '%s' and user: '%s'",
> >> +                                     ctx->repo->name, ctx->env.remote_user));
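
Review bot: ctx->repo->name and ctx->env.remote_user are formatted with '%s' into the string handed to cgit_print_error() with no escaping visible in these two lines, so the output is only safe if cgit_print_error() HTML-escapes its argument before writing it; confirm that it does, or escape both values at this call site. In addition, ctx->env.remote_user is passed to '%s' with no NULL check visible here; passing NULL to '%s' is undefined behaviour, so guard it or substitute a fixed string when it is unset.
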
> 
> XSS.

Would it be enough to use 'html_txt' from html.c:

http://git.zx2c4.com/cgit/tree/html.c#n92

to prevent this?

V-



