From 498cb5c096379e4cecd62792f24afb767399e0e6 Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Sat, 2 Jul 2016 05:17:05 -0700
Subject: [PATCH] Fix an XSS issue where Diffusion files exceeding the
 highlighting byte limit were not properly escaped

Fixes T11257.

Auditors: chad
---
 .../controller/DiffusionBrowseController.php         | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/applications/diffusion/controller/DiffusionBrowseController.php b/src/applications/diffusion/controller/DiffusionBrowseController.php
index 30c2b8265d..2d0ea7770b 100644
--- a/src/applications/diffusion/controller/DiffusionBrowseController.php
+++ b/src/applications/diffusion/controller/DiffusionBrowseController.php
@@ -682,17 +682,21 @@ final class DiffusionBrowseController extends DiffusionController {
         $blame_commits,
         $show_blame);
     } else {
-      if ($can_highlight) {
-        require_celerity_resource('syntax-highlighting-css');
+      require_celerity_resource('syntax-highlighting-css');
 
+      if (!$can_highlight) {
         $highlighted = PhabricatorSyntaxHighlighter::highlightWithFilename(
           $path,
           $file_corpus);
-        $lines = phutil_split_lines($highlighted);
       } else {
-        $lines = phutil_split_lines($file_corpus);
+        // Highlight as plain text to escape the content properly.
+        $highlighted = PhabricatorSyntaxHighlighter::highlightWithLanguage(
+          'txt',
+          $file_corpus);
       }
 
+      $lines = phutil_split_lines($highlighted);
+
       $rows = $this->buildDisplayRows(
         $lines,
         $blame_list,