gitweb: escape html in rss title
The title of an RSS feed is generated from many components, including the filename provided as a query parameter, but we failed to quote it. Besides showing the wrong output, this is a vector for XSS attacks.

Signed-off-by: Jeff King <email@example.com>
Showing with 16 additions and 0 deletions.