XSS in cgit

John Keeping john at keeping.me.uk
Sat Jan 16 10:38:36 CET 2016


On Sat, Jan 16, 2016 at 01:23:39AM +0100, Jason A. Donenfeld wrote:
> Thanks for your response. So the use case was in fact quite specific,
> and it seems like our recent treatment of the /plain endpoint handles
> that quite well and in a safe manner too.
> 
> Okay, I feel solid about the change now. Thanks a bunch.

It doesn't look like Michael's email made it to the list.  Would you
mind summarising the use case?


More information about the CGit mailing list