From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Sat, 16 Jan 2016 01:23:39 +0100
Subject: XSS in cgit
In-Reply-To: <7B8B10EF-8DCA-4115-9D33-4DD56F670BAB@klever.net>
References: <CAHmME9pf_TjMHYiNuqC4fF5i69w+ntV+Rgv_Tt5c2Y7MnCtgKA@mail.gmail.com>
 <20160113191100.GA1660@dcvr.yhbt.net>
 <CAHmME9qJA5q_n2-+mRsh6tqNdXtRd5e_28JFFQF4RTKjKHjaxQ@mail.gmail.com>
 <CAHmME9odymyXwoAT2qtuvVciEAdGLK44bzyumRf+yPWaVnJkZQ@mail.gmail.com>
 <7B8B10EF-8DCA-4115-9D33-4DD56F670BAB@klever.net>
Message-ID: <CAHmME9r5T7TYaB_cYy2qfX5RFwGG7ctYBQrXMyuCKG-kW0YZZw@mail.gmail.com>

Hi Michael,

Thanks for your response. So the use case was in fact quite specific,
and it seems like our recent treatment of the /plain endpoint handles
that quite well and in a safe manner too.

Okay, I feel solid about the change now. Thanks a bunch.

Jason