Merge branch 'ab/gitweb-link-html-escape' into maint

The characters in the label shown for tags/refs for commits in "gitweb" output are now properly escaped for proper HTML output. * ab/gitweb-link-html-escape: gitweb: escape link body in format_ref_marker
2016-08-10 11:55:30 -07:00 · 2016-08-10 11:55:30 -07:00 · 1dc4aa67d6
commit 1dc4aa67d6
parent 85b2ea29e8 77947bbe24
1 changed files with 1 additions and 1 deletions
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@ -2090,7 +2090,7 @@ sub format_ref_marker {
 				-href => href(
 					action=>$dest_action,
 					hash=>$dest
-				)}, $name);
+				)}, esc_html($name));

 			$markers .= " <span class=\"".esc_attr($class)."\" title=\"".esc_attr($ref)."\">" .
 				$link . "</span>";