Andrew's git / gitweb.git / blobdiff
?
gitweb: esc_html() author in blame
[gitweb.git] / gitweb / gitweb.perl
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index ec46b8091bac2fa890c5e7356482b0842a7d829a..bfadbe25c6f250bf88769aee7449615af4469e65 100755 (executable)
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -2659,7 +2659,7 @@ sub git_blame2 {
                print "<tr class=\"$rev_color[$current_color]\">\n";
                if ($group_size) {
                        print "<td class=\"sha1\"";
-                       print " title=\"$author, $date\"";
+                       print " title=\"". esc_html($author) . ", $date\"";
                        print " rowspan=\"$group_size\"" if ($group_size > 1);
                        print ">";
                        print $cgi->a({-href => href(action=>"commit",