Prevent possible XSS issues by seting text/plain for all text files in

RAW feature Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Prevent possible XSS issues by seting text/plain for all text files in
ac24a5a3 · Dmitriy Zaporozhets · a044c4b1 · ac24a5a3
Commit ac24a5a3 authored 10 years ago by Dmitriy Zaporozhets
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -29,12 +29,10 @@ class Projects::RawController < Projects::ApplicationController
  private
  
  def get_blob_type
-    if @blob.mime_type =~ /html|javascript/
+    if @blob.text?
      'text/plain; charset=utf-8'
-    elsif @blob.name =~ /(?:msi|exe|rar|r0\d|7z|7zip|zip)$/
-      'application/octet-stream'
    else
-      @blob.mime_type
+      'application/octet-stream'
    end
  end
 end