From b76107bb240c54ba4d4c8e1d2badd412e5c473fa Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 04 Nov 2014 17:23:50 -0500
Subject: [PATCH] Whitelist the "target" link attribute in the XSS filter

---
 src/main/java/com/gitblit/servlet/EnforceAuthenticationFilter.java |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/servlet/EnforceAuthenticationFilter.java b/src/main/java/com/gitblit/servlet/EnforceAuthenticationFilter.java
index 5fdccb7..c015021 100644
--- a/src/main/java/com/gitblit/servlet/EnforceAuthenticationFilter.java
+++ b/src/main/java/com/gitblit/servlet/EnforceAuthenticationFilter.java
@@ -19,6 +19,7 @@
 import java.text.MessageFormat;
 
 import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -53,7 +54,7 @@
 	private IAuthenticationManager authenticationManager;
 
 	@Override
-	protected void inject(ObjectGraph dagger) {
+	protected void inject(ObjectGraph dagger, FilterConfig filterConfig) {
 		this.settings = dagger.get(IStoredSettings.class);
 		this.authenticationManager = dagger.get(IAuthenticationManager.class);
 	}

--
Gitblit v1.9.1