Jeff King 0f0ecf68b3 gitweb: escape html in rss title ...

The title of an RSS feed is generated from many components,
including the filename provided as a query parameter, but we
failed to quote it.  Besides showing the wrong output, this
is a vector for XSS attacks.

Signed-off-by: Jeff King <peff@peff.net>

2012-11-12 16:34:53 -05:00

5.8 KiB

Executable File

Raw Blame History

View Raw