Fix XSS issue on raw blobs

author: Drew DeVault <sir@cmpwn.com> 2018-11-16 18:58:32 -0500
committer: Drew DeVault <sir@cmpwn.com> 2018-11-16 18:58:32 -0500
commit: 3965edd5a7d6a97782abf298b1ec2b38031d4af6 (patch)
tree: ca95f06410a06cdf697f7157e6689b665c38bd10 /gitsrht/blueprints/repo.py
parent: ff6f706a1960bedddb91f4827aec46d1fbb1269a (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/gitsrht/blueprints/repo.py b/gitsrht/blueprints/repo.py
index d00041b..8a355e6 100644
--- a/gitsrht/blueprints/repo.py
+++ b/gitsrht/blueprints/repo.py
@@ -194,7 +194,9 @@ def raw_blob(owner, repo, ref, path):
             abort(404)
 
         return send_file(BytesIO(blob.data),
-                as_attachment=blob.is_binary, attachment_filename=entry.name)
+                as_attachment=blob.is_binary,
+                attachment_filename=entry.name,
+                mimetype="text/plain" if not blob.is_binary else None)
 
 @repo.route("/<owner>/<repo>/archive/<ref>.tar.gz")
 def archive(owner, repo, ref):
author	Drew DeVault <sir@cmpwn.com>	2018-11-16 18:58:32 -0500
committer	Drew DeVault <sir@cmpwn.com>	2018-11-16 18:58:32 -0500
commit	3965edd5a7d6a97782abf298b1ec2b38031d4af6 (patch)
tree	ca95f06410a06cdf697f7157e6689b665c38bd10 /gitsrht/blueprints/repo.py
parent	ff6f706a1960bedddb91f4827aec46d1fbb1269a (diff)