diff options
| author | James Moger <james.moger@gitblit.com> | 2014-09-07 11:52:53 -0400 |
|---|---|---|
| committer | James Moger <james.moger@gitblit.com> | 2014-09-07 11:52:53 -0400 |
| commit | 7fdc298cf06c3d88d4fd9fd158fb4d32edac12a0 (patch) | |
| tree | 7222494b243068e7894fc6b1bff70916fe274bc2 | |
| parent | 11a1739389e9bafa0b89de910105967508b56dbf (diff) | |
| download | gitblit-7fdc298cf06c3d88d4fd9fd158fb4d32edac12a0.tar.gz gitblit-7fdc298cf06c3d88d4fd9fd158fb4d32edac12a0.zip | |
Apply the relaxed XSS filter to Markdown commit messages
| -rw-r--r-- | src/main/java/com/gitblit/wicket/pages/RepositoryPage.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/main/java/com/gitblit/wicket/pages/RepositoryPage.java b/src/main/java/com/gitblit/wicket/pages/RepositoryPage.java index 253c4fe4..2bd9dc6c 100644 --- a/src/main/java/com/gitblit/wicket/pages/RepositoryPage.java +++ b/src/main/java/com/gitblit/wicket/pages/RepositoryPage.java @@ -550,7 +550,8 @@ public abstract class RepositoryPage extends RootPage { String html;
switch (model.commitMessageRenderer) {
case MARKDOWN:
- html = MessageFormat.format("<div class='commit_message'>{0}</div>", content);
+ String safeContent = app().xssFilter().relaxed(content);
+ html = MessageFormat.format("<div class='commit_message'>{0}</div>", safeContent);
break;
default:
html = MessageFormat.format("<pre class='commit_message'>{0}</pre>", content);
|