Whitelist the "target" link attribute in the XSS filter
| | |
|---|
| | | - Fix exception when viewing a ticket with a patchset where the integration branch does not exist (issue-521, ticket-212) |
|---|
| | | - Fix exception when deleting a repository using the FileTicketService (issue-522, ticket-213) |
|---|
| | | - Do not inject team repository permissions as explicit user permissoins when editing a user (issue-462, ticket-214) |
|---|
| | | - Whitelist the target link attribute in the XSS filter (ticket-216) |
|---|
| | | changes: |
|---|
| | | - Replaced Dagger with Guice (ticket-80) |
|---|
| | | - Use release name as root directory in Gitblit GO artifacts (ticket-109) |
|---|
| | |
|---|
| | | - Florian Zschocke |
|---|
| | | - Paul Martin |
|---|
| | | - razzard |
|---|
| | | - Alexander Zabluda |
|---|
| | | } |
|---|
| | | |
|---|
| | | # |
|---|
| | |
|---|
| | | "sub", "sup", "table", "tbody", "td", "tfoot", "th", "thead", "tr", "tt", "u", |
|---|
| | | "ul", "var") |
|---|
| | | |
|---|
| | | .addAttributes("a", "class", "href", "style", "title") |
|---|
| | | .addAttributes("a", "class", "href", "style", "target", "title") |
|---|
| | | .addAttributes("blockquote", "cite") |
|---|
| | | .addAttributes("col", "span", "width") |
|---|
| | | .addAttributes("colgroup", "span", "width") |
|---|
