From bfc22d47158b685ff8c6a686faf0f213a65fa0e1 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gmail.com>
Date: Thu, 25 Sep 2014 08:22:32 -0400
Subject: [PATCH] Merged #186 "Support email subject-line links"
---
 src/main/java/com/gitblit/wicket/panels/TicketListPanel.java | 3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/main/java/com/gitblit/wicket/panels/TicketListPanel.java b/src/main/java/com/gitblit/wicket/panels/TicketListPanel.java
index c7079c8..cc0b57a 100644
--- a/src/main/java/com/gitblit/wicket/panels/TicketListPanel.java
+++ b/src/main/java/com/gitblit/wicket/panels/TicketListPanel.java
@@ -130,9 +130,10 @@
 Repository db = app().repositories().getRepository(repository.name);
 BugtraqProcessor btp = new BugtraqProcessor(app().settings());
 String content = btp.processText(db, repository.name, labelItem.getModelObject());
+ String safeContent = app().xssFilter().relaxed(content);
 db.close();
- label = new Label("label", content);
+ label = new Label("label", safeContent);
 label.setEscapeModelStrings(false);
 tLabel = app().tickets().getLabel(repository, labelItem.getModelObject());
--
Gitblit v1.9.1
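Review bot: With `label.setEscapeModelStrings(false)` left in place, `app().xssFilter().relaxed(content)` is now the only barrier between a ticket label and the rendered page, and a relaxed policy presumably still passes some markup, so a label made of permitted tags would render as HTML rather than as text. If the only markup wanted here is the link that `btp.processText(...)` generates, it is worth confirming the policy is no broader than that and recording the dependency next to the label, e.g. `// escaping is off: the label text must always be the XSS filter's output`. Separately, the new call sits between obtaining `db` and `db.close()`, so an exception from it (or from `processText`) skips the close; moving the filter line below `db.close()`, or wrapping the processing in `try { ... } finally { db.close(); }`, avoids that. The enclosing method starts and ends outside the hunk, so whether `db` can be null here is not visible.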