~edwargix/git.sr.ht: Fix XSS issue on raw blobs

3965edd5a7d6a97782abf298b1ec2b38031d4af6 — Drew DeVault 7 years ago ff6f706

Fix XSS issue on raw blobs

patch browse .tar.gz

1 files changed, 3 insertions(+), 1 deletions(-)

M gitsrht/blueprints/repo.py

M gitsrht/blueprints/repo.py => gitsrht/blueprints/repo.py +3 -1

@@ 194,7 194,9 @@ def raw_blob(owner, repo, ref, path):
             abort(404)
 
         return send_file(BytesIO(blob.data),
-                as_attachment=blob.is_binary, attachment_filename=entry.name)
+                as_attachment=blob.is_binary,
+                attachment_filename=entry.name,
+                mimetype="text/plain" if not blob.is_binary else None)
 
 @repo.route("/<owner>/<repo>/archive/<ref>.tar.gz")
 def archive(owner, repo, ref):