author Johannes Schindelin <johannes.schindelin@gmx.de> 2026-03-05 15:34:49 -0800
committer Junio C Hamano <gitster@pobox.com> 2026-03-06 13:52:28 -0800
commit 128914438a0d2d55ae34314a0881f55a797024d5
tree c8d6585b9182da48504e2fab0e3ef0039456f5e7 /contrib/persistent-https
parent 12f0fda905b4af3a15c125f96808e49ddbe39742
sideband: add options to allow more control sequences to be passed through

Even though control sequences that erase characters are quite juicy for attack scenarios, where attackers are eager to hide traces of suspicious activities, during the review of the side band sanitizing patch series concerns were raised that there might be some legitimate scenarios where Git server's `pre-receive` hooks use those sequences in a benign way.

Control sequences to move the cursor can likewise be used to hide tracks by overwriting characters, and have been equally pointed out as having legitimate users.

Let's add options to let users opt into passing through those ANSI Escape sequences: `sideband.allowControlCharacters` now supports also `cursor` and `erase`, and it parses the value as a comma-separated list.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

Diffstat (limited to 'contrib/persistent-https')
0 files changed, 0 insertions, 0 deletions