`6b8db0c`

Mark PR raw diff as plain text

Authored by mfwolffe <wolffemf@dukes.jmu.edu> yesterday

SHA: 6b8db0ce1a08c237ac82aeef7f66a43fa247040b
Parents: 09fc23c
Tree: 474064f

1 changed file

Status	File	+	-
M	`internal/web/handlers/repo/pulls.go`	2	1

internal/web/handlers/repo/pulls.gomodified


 		ext = ".patch"
 	}
 	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+	w.Header().Set("X-Content-Type-Options", "nosniff")
 	w.Header().Set("Content-Disposition", "inline; filename=\""+row.Name+"-"+strconv.FormatInt(pr.INumber, 10)+ext+"\"")
-	_, _ = w.Write(patch)
+	_, _ = w.Write(patch) // #nosec G705 -- git diff bytes are served as text/plain with nosniff, not HTML.
 }
 
 // pullChecks renders the Checks tab. Loads suites + runs grouped by

`@@ -735,8 +735,9 @@` func (h Handlers) pullRawDiff(w http.ResponseWriter, r http.Request) {
735	735	ext = ".patch"
736	736	}
737	737	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	738	+ w.Header().Set("X-Content-Type-Options", "nosniff")
738	739	w.Header().Set("Content-Disposition", "inline; filename=\""+row.Name+"-"+strconv.FormatInt(pr.INumber, 10)+ext+"\"")
739		- _, _ = w.Write(patch)
	740	+ _, _ = w.Write(patch) // #nosec G705 -- git diff bytes are served as text/plain with nosniff, not HTML.
740	741	}
741	742
742	743	// pullChecks renders the Checks tab. Loads suites + runs grouped by