Everywhere else we use html_txt to escape any special characters in
these variables.  Do so here as well.

Signed-off-by: John Keeping <j...@keeping.me.uk>
---
I spotted this while looking at Jason's jd/gravatar series.  The
following two patches cover other similar issues I spotted while
auditing all uses of "html()".  I think everything else is OK.

 ui-refs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ui-refs.c b/ui-refs.c
index 20c91e3..c97b0c6 100644
--- a/ui-refs.c
+++ b/ui-refs.c
@@ -155,9 +155,9 @@ static int print_tag(struct refinfo *ref)
        html("</td><td>");
        if (info) {
                if (info->tagger)
-                       html(info->tagger);
+                       html_txt(info->tagger);
        } else if (ref->object->type == OBJ_COMMIT) {
-               html(ref->commit->author);
+               html_txt(ref->commit->author);
        }
        html("</td><td colspan='2'>");
        if (info) {
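Review bot: in print_tag(), the commit branch passes ref->commit->author to html_txt() with no NULL guard, while info->tagger two lines above is checked with "if (info->tagger)" first. The hunk does not show whether html_txt() accepts a NULL pointer, so either confirm that it does or add the same guard to the author branch for consistency. The commit message could also say why this matters: tagger and author strings are taken from tag and commit objects, so their content is chosen by whoever created those objects, and writing them with html() puts any markup they contain straight into the page. Stating that makes it clear this is an output-escaping fix and not a style cleanup, which helps anyone deciding whether to backport it.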
-- 
1.8.5.226.g0d60d77

_______________________________________________
CGit mailing list
CGit@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/cgit
