From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Sat, 16 Jan 2016 01:23:39 +0100 Subject: XSS in cgit In-Reply-To: <7B8B10EF-8DCA-4115-9D33-4DD56F670BAB@klever.net> References: <20160113191100.GA1660@dcvr.yhbt.net> <7B8B10EF-8DCA-4115-9D33-4DD56F670BAB@klever.net> Message-ID: Hi Michael, Thanks for your response. So the use case was in fact quite specific, and it seems like our recent treatment of the /plain endpoint handles that quite well and in a safe manner too. Okay, I feel solid about the change now. Thanks a bunch. Jason