[PATCH 1/3] ui-refs: escape HTML chars in author and tagger names

2014-01-12 Thread John Keeping
Everywhere else we use html_txt to escape any special characters in these variables. Do so here as well.

Signed-off-by: John Keeping j...@keeping.me.uk
---
I spotted this while looking at Jason's jd/gravatar series. The following two patches cover other similar issues I spotted while auditing

Re: [PATCH 1/3] ui-refs: escape HTML chars in author and tagger names

2014-01-12 Thread Jason A. Donenfeld
Same question here -- XSS potential?