From: Junio C Hamano <junkio@cox.net>
To: Jakub Narebski <jnareb@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: [PATCH] gitweb: protect blob and diff output lines from controls.
Date: Wed, 08 Nov 2006 17:10:19 -0800 [thread overview]
Message-ID: <7vwt65pgqs.fsf@assigned-by-dhcp.cox.net> (raw)
In-Reply-To: <200611090146.25306.jnareb@gmail.com> (Jakub Narebski's message of "Thu, 9 Nov 2006 01:46:25 +0100")
Jakub Narebski <jnareb@gmail.com> writes:
> Junio C Hamano wrote:
>> Jakub Narebski <jnareb@gmail.com> writes:
>>
>>> 1. First, esc_path should _not_ use subroutine which does it's own
>>> contol characters escaping. That was also a mistake I made in my patch.
>>> Perhaps we should have some quot_html or to_html subroutine which does
>>> _only_ to_utf8 (decode from Encode module), escapeHTML and optionally
>>> s/ / /g conversion.
>>
>> I hated that original arrangement,
>
> What did you hate, again?
esc_path calling esc_html you mentioned, of course.
>> obviously wrong in the output with the patch you are responding
>> to. Except that git_blame2 is missing a chomp() on "my $data"
>> after finishing the metainfo loop, that is.
>
> The original (mine) code for esc_path uses esc_html, which did it's
> own partial (very partial) special characters esaping, namely
> \014 (\f) => ^L, \033 (\e) => ^[. So if pathname had form feed character,
> it would be replaced by ^L, not '\f'.
I know -- that is what I meant by "code reuse and consistency".
> You have added quot_cec to esc_html subroutine directly. I don't know
> what is your version of esc_html after the changes you
> made,...
See "pu".
> Well, the pathname has the limit that it must be in single line
> after quoting. The "blob" output is multipage.
I honestly have _no_ idea what distincition you are seeing
here. Both blob and diff output are processed one line at a
time and its result would be on a single line too.
next prev parent reply other threads:[~2006-11-09 1:10 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-08 23:34 [PATCH] gitweb: protect blob and diff output lines from controls Junio C Hamano
2006-11-09 0:04 ` Jakub Narebski
2006-11-09 0:15 ` Junio C Hamano
2006-11-09 0:46 ` Jakub Narebski
2006-11-09 1:10 ` Junio C Hamano [this message]
2006-11-09 9:34 ` Jakub Narebski
2006-11-09 9:24 ` Jakub Narebski
2006-11-09 9:55 ` Junio C Hamano
2006-11-09 10:02 ` Jakub Narebski
2006-11-09 10:34 ` Junio C Hamano
2006-11-09 10:41 ` Jakub Narebski
2006-11-10 10:22 ` Luben Tuikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7vwt65pgqs.fsf@assigned-by-dhcp.cox.net \
--to=junkio@cox.net \
--cc=git@vger.kernel.org \
--cc=jnareb@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.