From 850b90a51d5ed122cee5c2f3ad4c3e513a05259a Mon Sep 17 00:00:00 2001 From: Jakub Narebski Date: Sat, 16 Feb 2008 23:07:46 +0100 Subject: [PATCH] gitweb: Fix displaying unchopped argument in chop_and_escape_str Do not use esc_html to escape [title] _attribute_ of a HTML element, and quote unprintable characters. Replace unprintable characters by '?' and use CGI method to generate HTML element and do the escaping. This caused bug noticed by Martin Koegler, Message-ID: <20080216130037.GA14571@auto.tuwien.ac.at> that for bad commit encoding in author name, the title attribute (here to show full, not shortened name) had embedded HTML code in it, result of quoting unprintable characters the gitweb/HTML way. This of course broke the HTML, causing page being not displayed in XML validating web browsers. Signed-off-by: Jakub Narebski Signed-off-by: Junio C Hamano --- gitweb/gitweb.perl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 5e88637b5..47e3a4134 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -866,8 +866,8 @@ sub chop_and_escape_str { if ($chopped eq $str) { return esc_html($chopped); } else { - return qq{} . - esc_html($chopped) . qq{}; + $str =~ s/([[:cntrl:]])/?/g; + return $cgi->span({-title=>$str}, esc_html($chopped)); } } -- 2.30.2