Re: [PATCH] gitweb: Make $prevent_xss protection for 'blob_plain' more usable

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Jakub Narebski <jnareb@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org, Matt McCutchen <matt@mattmccutchen.net>
Subject: Re: [PATCH] gitweb: Make $prevent_xss protection for 'blob_plain' more usable
Date: Tue, 14 Jun 2011 03:33:57 +0200	[thread overview]
Message-ID: <201106140333.58351.jnareb@gmail.com> (raw)
In-Reply-To: <7vy615mily.fsf@alter.siamese.dyndns.org>

Junio C Hamano wrote:
> Jakub Narebski <jnareb@gmail.com> writes:
> 
>>> Hmph, wouldn't it be more straightforward if you dropped the statement
>>> modifier?  I.e.
>>> 
>>> 	my ($subtype, $rest) = ($1, $2);
>>> 	$rest = '' unless defined $rest;
>>> 	$type = "text/plain$rest";
>>
>> Yes, of course.
>>
>> I don't know why I decided that avoiding rewriting 'text/plain; 
>> charset=utf-8' case was important.
> 
> Just to make sure I understand what you are saying...
> 
>     my $type = 'text/plain; charset=utf-8';
>     if ($type =~ m|^text/([a-z]+)\b(.*)$|) {
>  	my ($subtype, $rest) = ($1, $2);
>  	$rest = '' unless defined $rest;
>  	$type = "text/plain$rest";
>         print "Type is now <$type>\n";
>     }
> 
> 
> does yield "text/plain; charset=utf-8". It does rewrite but rewrite to
> exactly the same thing, so...

Yes, it does rewrite to the same thing.  And the code is simpler,
therefore better. 

-- 
Jakub Narebski
Poland

     prev parent reply	other threads:[~2011-06-14  1:34 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-06-04  8:43 [PATCH] gitweb: Fix usability of $prevent_xss Jakub Narebski
2011-06-04 21:15 ` Prevalence " Matt McCutchen
2011-06-04 21:53   ` Jakub Narebski
2011-06-05  9:03   ` Implementing CSP (Content Security Policy) for gitweb in the future Jakub Narebski
2011-06-05 12:52     ` Matt McCutchen
2011-06-05 13:33       ` Jakub Narebski
2011-06-05 16:46         ` Matt McCutchen
2011-06-08 10:27           ` Jakub Narebski
2011-06-08 17:31             ` J.H.
2011-06-10 12:01 ` [PATCH] gitweb: Make $prevent_xss protection for 'blob_plain' more usable Jakub Narebski
2011-06-13 16:47   ` Junio C Hamano
2011-06-13 21:49     ` Jakub Narebski
2011-06-13 23:12       ` Junio C Hamano
2011-06-14  1:33         ` Jakub Narebski [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=201106140333.58351.jnareb@gmail.com \
    --to=jnareb@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=matt@mattmccutchen.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).