From: James Moger Date: Sun, 7 Sep 2014 15:52:53 +0000 (-0400) Subject: Apply the relaxed XSS filter to Markdown commit messages X-Git-Tag: v1.6.1~45^2 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Ftickets%2F64%2F164%2F1;p=gitblit.git Apply the relaxed XSS filter to Markdown commit messages
---
diff --git a/src/main/java/com/gitblit/wicket/pages/RepositoryPage.java b/src/main/java/com/gitblit/wicket/pages/RepositoryPage.java
index 253c4fe4..2bd9dc6c 100644
--- a/src/main/java/com/gitblit/wicket/pages/RepositoryPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/RepositoryPage.java
@@ -550,7 +550,8 @@ public abstract class RepositoryPage extends RootPage {
 String html;
 switch (model.commitMessageRenderer) {
 case MARKDOWN:
- html = MessageFormat.format("
{0}
", content);
+ String safeContent = app().xssFilter().relaxed(content);
+ html = MessageFormat.format("
{0}
", safeContent);
 break;
 default:
 html = MessageFormat.format("
{0}
", content);
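Review bot: The `default:` branch at the end of this hunk still passes `content` straight into `MessageFormat.format(...)`, so only the MARKDOWN renderer goes through the XSS filter. Every other renderer value depends on escaping done before this switch, which the hunk does not show. If that upstream escaping is guaranteed, record it above the default format call, e.g. `// content must already be HTML-escaped here; only rendered Markdown goes through the relaxed filter`. If it is not guaranteed for every renderer value, route the default branch through `app().xssFilter()` as well. The enclosing method starts and ends outside the hunk, so whether `content` is already escaped cannot be confirmed from here.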