XSS in cgit

Jason A. Donenfeld Jason at zx2c4.com
Thu Jan 14 13:59:37 CET 2016

I like this idea. The hard part is -- when HTML-serving mode is not
enabled, what mime types do we restrict? Krzysztof - is there a safe
and future-proof list of mimetypes that we can blacklist?
