From 8573c2ee172f66c1667de49685c88fdc8883ca8b Mon Sep 17 00:00:00 2001
From: Gregory Haynes <greg@greghaynes.net>
Date: Tue, 21 Jun 2016 15:42:02 +0000
Subject: [PATCH] Remove text/html as a safe mimetype

The non-default safe mimetype in gerrit exists purely to proect installs
against setting this - when set, downloading a text/html file will
result in that file being rendered.

Change-Id: I648ada0b26aaf35ece9ef57f609b46f23f6e422a
---
 templates/gerrit.config.erb | 2 --
 1 file changed, 2 deletions(-)

diff --git a/templates/gerrit.config.erb b/templates/gerrit.config.erb
index c707f6c..1c922e0 100644
--- a/templates/gerrit.config.erb
+++ b/templates/gerrit.config.erb
@@ -202,8 +202,6 @@
         safe = true
 [mimetype "text/plain"]
         safe = true
-[mimetype "text/html"]
-        safe = true
 [mimetype "text/x-puppet"]
         safe = true
 [mimetype "text/x-ini"]