From 5128d091c6bc1601135ac2217509cc81314bc691 Mon Sep 17 00:00:00 2001
From: la-ninpre <leobrekalini@gmail.com>
Date: Wed, 28 Oct 2020 17:23:13 +0100
Subject: disable unsafe inline styles and scripts

---
 ui-commit.c |  2 +-
 ui-diff.c   | 16 ++++++++--------
 ui-stats.c  |  6 +++---
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/ui-commit.c b/ui-commit.c
index 948118c..1acb4ab 100644
--- a/ui-commit.c
+++ b/ui-commit.c
@@ -44,7 +44,7 @@ void cgit_print_commit(char *hex, const char *prefix)
 	load_ref_decorations(NULL, DECORATE_FULL_REFS);
 
 	cgit_print_layout_start();
-	cgit_print_diff_ctrls();
+	/*cgit_print_diff_ctrls();*/
 	html("<table summary='commit info' class='commit-info'>\n");
 	html("<tr><th>author</th><td>");
 	cgit_open_filter(ctx.repo->email_filter, info->author_email, "commit");
diff --git a/ui-diff.c b/ui-diff.c
index 5ed5990..88502ba 100644
--- a/ui-diff.c
+++ b/ui-diff.c
@@ -113,13 +113,13 @@ static void print_fileinfo(struct fileinfo *info)
 	}
 	htmlf("%d", info->added + info->removed);
 	html("</td><td class='graph'>");
-	htmlf("<table summary='file diffstat' width='%d%%'><tr>", (max_changes > 100 ? 100 : max_changes));
-	htmlf("<td class='add' style='width: %.1f%%;'/>",
-	      info->added * 100.0 / max_changes);
-	htmlf("<td class='rem' style='width: %.1f%%;'/>",
-	      info->removed * 100.0 / max_changes);
-	htmlf("<td class='none' style='width: %.1f%%;'/>",
-	      (max_changes - info->removed - info->added) * 100.0 / max_changes);
+	html("<table summary='file diffstat'><tr>");
+	htmlf("<td class='add'>+%d</td>",
+	      info->added /* * 100.0 / max_changes */);
+	htmlf("<td class='rem'>-%d</td>",
+	      info->removed/* * 100.0 / max_changes */);
+/*	htmlf("<td class='none' style='width: %.1f%%;'/>",
+	      (max_changes - info->removed - info->added) * 100.0 / max_changes);*/
 	html("</tr></table></td></tr>\n");
 }
 
@@ -466,7 +466,7 @@ void cgit_print_diff(const char *new_rev, const char *old_rev,
 
 	if (show_ctrls) {
 		cgit_print_layout_start();
-		cgit_print_diff_ctrls();
+		/* cgit_print_diff_ctrls();*/
 	}
 
 	/*
diff --git a/ui-stats.c b/ui-stats.c
index 7272a61..978b7ce 100644
--- a/ui-stats.c
+++ b/ui-stats.c
@@ -309,7 +309,7 @@ static void print_authors(struct string_list *authors, int top,
 	for (i = 1; i < period->count; i++)
 		period->dec(tm);
 
-	html("<table class='stats'><tr><th>Author</th>");
+	html("<table class='stats' width='100%'><tr><th>Author</th>");
 	for (j = 0; j < period->count; j++) {
 		tmp = period->pretty(tm);
 		htmlf("<th>%s</th>", tmp);
@@ -387,7 +387,7 @@ void cgit_show_stats(void)
 		top = 10;
 
 	cgit_print_layout_start();
-	html("<div class='cgit-panel'>");
+	/*html("<div class='cgit-panel'>");
 	html("<b>stat options</b>");
 	html("<form method='get'>");
 	cgit_add_hidden_formfields(1, 0, "stats");
@@ -412,7 +412,7 @@ void cgit_show_stats(void)
 	html("<noscript><input type='submit' value='Reload'/></noscript>");
 	html("</td></tr></table>");
 	html("</form>");
-	html("</div>");
+	html("</div>");*/
 	htmlf("<h2>Commits per author per %s", period->name);
 	if (ctx.qry.path) {
 		html(" (path '");
-- 
cgit v1.2.3