XSS in cgit

[Eric Wong]

"Jason A. Donenfeld" <Jason at zx2c4.com> wrote:
> Given all this, could somebody remind me why we have both /plain and
> /blob handlers? And if it's still necessary to maintain a distinction?
> If not, I will gladly accept patches to unify these.

IIRC, the main difference was blob allows serving tree objects
as-is in binary form while plain generates an HTML directory listing.