Merge branch 'ab/gitweb-link-html-escape' into maint

The characters in the label shown for tags/refs for commits in
"gitweb" output are now properly escaped for proper HTML output.

* ab/gitweb-link-html-escape:
  gitweb: escape link body in format_ref_marker

diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 2fddf750fabf9ac2d079777ad7bd7953c2477f9c..33d701d8525fd9334e4a899a807c8f8f0164dcc5 100755 (executable)
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -2090,7 +2090,7 @@ sub format_ref_marker {
                                -href => href(
                                        action=>$dest_action,
                                        hash=>$dest
-                               )}, $name);
+                               )}, esc_html($name));
 
                        $markers .= " <span class=\"".esc_attr($class)."\" title=\"".esc_attr($ref)."\">" .
                                $link . "</span>";