XSS in cgit

Eric Wong normalperson at yhbt.net
Wed Jan 13 20:11:00 CET 2016


"Jason A. Donenfeld" <Jason at zx2c4.com> wrote:
> Given all this, could somebody remind me why we have both /plain and
> /blob handlers? And if it's still necessary to maintain a distinction?
> If not, I will gladly accept patches to unify these.

IIRC, the main difference was blob allows serving tree objects
as-is in binary form while plain generates an HTML directory listing.


More information about the CGit mailing list