diff options
author | Matt McCutchen <matt@mattmccutchen.net> | 2009-02-07 19:00:09 -0500 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2009-02-08 21:51:25 -0800 |
commit | 7e1100e9e939c9178b2aa3969349e9e8d34488bf (patch) | |
tree | a0238a2d09de9d5f9617e72559d5d79398836f45 /t/t4103-apply-binary.sh | |
parent | rev-list: fix showing distance when using --bisect-all (diff) | |
download | tgif-7e1100e9e939c9178b2aa3969349e9e8d34488bf.tar.xz |
gitweb: add $prevent_xss option to prevent XSS by repository content
Add a gitweb configuration variable $prevent_xss that disables features
to prevent content in repositories from launching cross-site scripting
(XSS) attacks in the gitweb domain. Currently, this option makes gitweb
ignore README.html (a better solution may be worked out in the future)
and serve a blob_plain file of an untrusted type with
"Content-Disposition: attachment", which tells the browser not to show
the file at its original URL.
The XSS prevention is currently off by default.
Signed-off-by: Matt McCutchen <matt@mattmccutchen.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/t4103-apply-binary.sh')
0 files changed, 0 insertions, 0 deletions