From b76107bb240c54ba4d4c8e1d2badd412e5c473fa Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 04 Nov 2014 17:23:50 -0500
Subject: [PATCH] Whitelist the "target" link attribute in the XSS filter

---
 src/main/java/com/gitblit/transport/ssh/git/BaseGitCommand.java |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/gitblit/transport/ssh/git/BaseGitCommand.java b/src/main/java/com/gitblit/transport/ssh/git/BaseGitCommand.java
index 029dd73..c49d23b 100644
--- a/src/main/java/com/gitblit/transport/ssh/git/BaseGitCommand.java
+++ b/src/main/java/com/gitblit/transport/ssh/git/BaseGitCommand.java
@@ -86,10 +86,9 @@
 		repository = repository.replace('\\', '/');
 		// ssh://git@thishost/path should always be name="/path" here
 		//
-		if (!repository.startsWith("/")) {
-			throw new Failure(1, "fatal: '" + repository + "': not starts with / character");
+		if (repository.startsWith("/")) {
+			repository = repository.substring(1);
 		}
-		repository = repository.substring(1);
 		try {
 			return repositoryResolver.open(getContext().getClient(), repository);
 		} catch (Exception e) {

--
Gitblit v1.9.1