Merge branch 'jk/maint-gitweb-xss'

Fixes an XSS vulnerability in gitweb. * jk/maint-gitweb-xss: gitweb: escape html in rss title
2012-11-20 10:37:27 -08:00
parent 05849c4818 0f0ecf68b3
commit 79a09bba1c
2 changed files with 16 additions and 0 deletions
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@ -8054,6 +8054,7 @@ sub git_feed {
 		$feed_type = 'history';
 	}
 	$title .= " $feed_type";
+	$title = esc_html($title);
 	my $descr = git_get_project_description($project);
 	if (defined $descr) {
 		$descr = esc_html($descr);