Re: Cgit XSS "vulnerability" has no CVE?

["Jason A. Donenfeld" <Jason () zx2c4 com>]

At the moment, none of those example filters are XSS-safe. I think
I'll likely rewrite them for the next version to use a framework for
that. But there's never been any guarantee for those filters, and
they've never been provided as anything but potential example filters
for people to tweak and change.