James Moger
2014-09-07 7fdc298cf06c3d88d4fd9fd158fb4d32edac12a0
Apply the relaxed XSS filter to Markdown commit messages
1 files modified
3 ■■■■ changed files
src/main/java/com/gitblit/wicket/pages/RepositoryPage.java 3 ●●●●
src/main/java/com/gitblit/wicket/pages/RepositoryPage.java
@@ -550,7 +550,8 @@
        String html;
        switch (model.commitMessageRenderer) {
        case MARKDOWN:
            html = MessageFormat.format("<div class='commit_message'>{0}</div>", content);
            String safeContent = app().xssFilter().relaxed(content);
            html = MessageFormat.format("<div class='commit_message'>{0}</div>", safeContent);
            break;
        default:
            html = MessageFormat.format("<pre class='commit_message'>{0}</pre>", content);
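Review bot: The `default:` branch at the end of the hunk still formats `content` straight into `<pre class='commit_message'>`, so only the Markdown renderer gets the XSS filter; how `content` is produced and how `html` is written to the page are outside the hunk, so whether plain-text messages are already HTML-escaped cannot be confirmed from here. If they are, I would add a comment such as `// content is HTML-escaped upstream for non-Markdown renderers; only Markdown output carries raw tags`; if they are not, the same `app().xssFilter()` call belongs on that branch as well. Separately, `MessageFormat` treats the single quotes in the pattern as quoting characters, so the emitted attribute is `class=commit_message` without quotes, which is harmless for this value, but `''` or plain concatenation would say what is meant. The enclosing method starts and ends outside the hunk.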