973f38bc4a
For ?zip compress the patch file text inside of a ZIP archive. The inner file name is "commitsha1.diff". Modern UI shells on Windows, Mac OS X and Linux make it easy to unpack the compressed ZIP file to get access to the raw text. For ?download a filename is suggested in the Content-Dispostion response header, suggesting the browser to download the base64 encoded stream to the local drive as "commitsha1.diff.base64". Encoding the patch is necessary to prevent XSS attacks made against the Gerrit site. The ZIP wrapping does not allow an attacker to make a valid Java applet; the filename ending in ".diff" is not a valid Java class file name. The base64 wrapping can only be treated as plain text by a browser as it does not contain HTML special characters. Change-Id: Ia4c41e51c5f57607c45e2588629a88b47e1d9d09 |
||
|---|---|---|
| .. | ||
| .settings | ||
| src/main/java/com/google/gerrit/extensions | ||
| .gitignore | ||
| BUCK | ||