GNOME Bugzilla – Bug 755436
gitg doesn't escape the commit message
Last modified: 2015-09-23 06:58:58 UTC
In libgitg/resources/ui/diff-view/diff-view.js, function prettify_message: var escaped = html_escape(ret); escaped = ret.replace(/(https?:[^\s]*[^.])/g, "<a href=\"$1\" onclick=\"javascript:return open_url(this);\">$1</a>"); return escaped; The result of html_escape is not used because it uses ret.replace instead of escaped.replace.
Created attachment 311904 [details] [review] Properly escape commit messages in diff view
Review of attachment 311904 [details] [review]: Looks good. Please push it to gnome-3-18 only.
Attachment 311904 [details] pushed as 8152820 - Properly escape commit messages in diff view
(In reply to Ignacio Casal Quinteiro (nacho) from comment #2) > Review of attachment 311904 [details] [review] [review]: > > Looks good. Please push it to gnome-3-18 only. Do you mean that related code in master branch will be modified soon, so we should not push this change to it now?
Yup, just pushed to master the other branch. Cheers.