From e10ac6e91b1062c74b800df4aa3f8fbcf7e18243 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 14 Oct 2014 13:48:49 -0400
Subject: [PATCH] Merged #205 "Update to JGit 3.5.1"

---
 src/main/java/com/gitblit/wicket/panels/TicketListPanel.java |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/panels/TicketListPanel.java b/src/main/java/com/gitblit/wicket/panels/TicketListPanel.java
index c7079c8..cc0b57a 100644
--- a/src/main/java/com/gitblit/wicket/panels/TicketListPanel.java
+++ b/src/main/java/com/gitblit/wicket/panels/TicketListPanel.java
@@ -130,9 +130,10 @@
 							Repository db = app().repositories().getRepository(repository.name);
 							BugtraqProcessor btp  = new BugtraqProcessor(app().settings());
 							String content = btp.processText(db, repository.name, labelItem.getModelObject());
+							String safeContent = app().xssFilter().relaxed(content);
 							db.close();
 
-							label = new Label("label", content);
+							label = new Label("label", safeContent);
 							label.setEscapeModelStrings(false);
 
 							tLabel = app().tickets().getLabel(repository, labelItem.getModelObject());

--
Gitblit v1.9.1