[PATCH 2/3] ui-shared: URL-escape script_name

John Keeping john at keeping.me.uk
Sun Jan 12 23:00:01 CET 2014

Previous message: [PATCH 2/3] ui-shared: URL-escape script_name
Next message: [PATCH 3/3] ui-repolist: HTML-escape cgit_rooturl() response
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jan 12, 2014 at 10:18:30PM +0100, Jason A. Donenfeld wrote:
> Are there any circumstances in which this could have prior lead to an XSS?

I'm pretty sure this is entirely under the control of the system
administrator, so it should be fine.

Previous message: [PATCH 2/3] ui-shared: URL-escape script_name
Next message: [PATCH 3/3] ui-repolist: HTML-escape cgit_rooturl() response
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the CGit mailing list