I like this idea. The hard part is -- when HTML-serving mode is not enabled, what mime types do we restrict? Krzysztof - is there a safe and future-proof list of mimetypes that we can blacklist? _______________________________________________ CGit mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/cgit
- XSS in cgit Jason A. Donenfeld
- Re: XSS in cgit Eric Wong
- Re: XSS in cgit John Keeping
- Re: XSS in cgit Jason A. Donenfeld
- Re: XSS in cgit John Keeping
- Re: XSS in cgit Ferry Huberts
- Re: XSS in cgit Jason A. Donenfeld
- Re: XSS in cgit Jason A. Donenfeld
