Default branch: MAIN
Current tag: VERSION_1_13_1
Revision 1.9, Tue Jul 22 18:14:13 2014 UTC (9 years, 8 months ago) by schwarze
Branch: MAIN
CVS Tags: VERSION_1_13_1
Changes since 1.8: +40 -2 lines
Security fix to prevent XSS attacks: Restrict the character set of strings passed into html_alloc(), in particular architecture names that come from the QUERY_STRING, but also SCRIPT_NAME and manpath.conf content for additional safety, and bail out safely on violations. Issue reported by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
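The kind of check the log message describes, sketched as an added example that is not mandoc's code: a request parameter is accepted only if every byte is in a fixed allowlist, and the caller bails out on any violation instead of passing the value on to HTML output. The allowlist itself, the `arch=` query parsing and the names `SAFE_CHARS` and `get_arch` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allowlist (not mandoc's actual set): no markup or URL metacharacters. */
#define SAFE_CHARS \
	"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_."

/*
 * Hypothetical helper: copy the value of "arch=" from a CGI query string.
 * Returns 1 if a valid value was copied, 0 if the parameter is absent or
 * empty, -1 on a violation (disallowed byte or value too long). On -1 the
 * caller should emit a fixed error page that does not echo the value.
 * '%' is not allowlisted, so percent-encoded input is rejected rather
 * than decoded.
 */
int
get_arch(const char *query, char *out, size_t outsz)
{
	const char *p, *end;
	size_t len;

	if (outsz == 0)
		return -1;
	out[0] = '\0';
	if (query == NULL)
		return 0;
	for (p = query; *p != '\0'; p = (*end != '\0') ? end + 1 : end) {
		end = p + strcspn(p, "&;");	/* end of this key=value pair */
		if (strncmp(p, "arch=", 5) != 0)
			continue;
		len = (size_t)(end - p) - 5;
		if (len == 0)
			return 0;
		if (len >= outsz || strspn(p + 5, SAFE_CHARS) < len)
			return -1;
		memcpy(out, p + 5, len);
		out[len] = '\0';
		return 1;
	}
	return 0;
}

int
main(void)
{
	char arch[16];
	/* Constructed sample input, as QUERY_STRING might carry it. */
	int rc = get_arch("query=ls&arch=amd64&sec=1", arch, sizeof(arch));

	printf("rc=%d arch=%s\n", rc, arch);
	return rc == 1 ? 0 : 1;
}
```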