Everywhere else we use html_txt to escape any special characters in these variables. Do so here as well.
Signed-off-by: John Keeping <[email protected]> --- I spotted this while looking at Jason's jd/gravatar series. The following two patches cover other similar issues I spotted while auditing all uses of "html()". I think everything else is OK. ui-refs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ui-refs.c b/ui-refs.c index 20c91e3..c97b0c6 100644 --- a/ui-refs.c +++ b/ui-refs.c @@ -155,9 +155,9 @@ static int print_tag(struct refinfo *ref) html("</td><td>"); if (info) { if (info->tagger) - html(info->tagger); + html_txt(info->tagger); } else if (ref->object->type == OBJ_COMMIT) { - html(ref->commit->author); + html_txt(ref->commit->author); } html("</td><td colspan='2'>"); if (info) { -- 1.8.5.226.g0d60d77 _______________________________________________ CGit mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/cgit
