[PATCH 2/3] ui-shared: URL-escape script_name

2014-01-12 Thread John Keeping
As far as I know, there is no requirement that $SCRIPT_NAME contain only URL-safe characters, so we need to make sure that any special characters are escaped. Signed-off-by: John Keeping j...@keeping.me.uk --- ui-shared.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git

Re: [PATCH 2/3] ui-shared: URL-escape script_name

2014-01-12 Thread Jason A. Donenfeld
Are there any circumstances in which this could have prior lead to an XSS? ___ CGit mailing list CGit@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/cgit