]> Sergey Matveev's repositories - public-inbox.git/commit
projects / public-inbox.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 364de65) | patch
view: escape HTML description name
authorEric Wong <e@80x24.org>
Tue, 14 Mar 2017 21:23:39 +0000 (21:23 +0000)
committerEric Wong <e@80x24.org>
Tue, 14 Mar 2017 21:23:39 +0000 (21:23 +0000)
commit92f27ed0be327ab6acb61aeedf7a77702cc6c25f
tree66d945ce8c6415574cd5c33ee82bf8723057fb65tree
parent364de65f8a6b5729027cb70228312a141430122fcommit | diff
view: escape HTML description name

Otherwise funky filenames can cause HTML injection
vulnerabilities (hope you have JavaScript disabled!)
lib/PublicInbox/View.pm diff | blob | history
t/view.t diff | blob | history
My patches to https://public-inbox.org/public-inbox.git