Browse Source

Remove text/html as a safe mimetype

The non-default safe mimetype in gerrit exists purely to proect installs
against setting this - when set, downloading a text/html file will
result in that file being rendered.

Change-Id: I648ada0b26aaf35ece9ef57f609b46f23f6e422a
changes/19/332219/1
Gregory Haynes 6 years ago
parent
commit
8573c2ee17
  1. 2
      templates/gerrit.config.erb

2
templates/gerrit.config.erb

@ -202,8 +202,6 @@
safe = true
[mimetype "text/plain"]
safe = true
[mimetype "text/html"]
safe = true
[mimetype "text/x-puppet"]
safe = true
[mimetype "text/x-ini"]

Loading…
Cancel
Save