author | Martin Panter <vadmium+py@gmail.com> | 2016-06-08 07:16:14 (GMT) |
---|---|---|
committer | Martin Panter <vadmium+py@gmail.com> | 2016-06-08 07:16:14 (GMT) |
commit | 6af1c49bb497ca883af99db19aaaae8820325f90 (patch) | |
tree | d98b9c263bb0f1dc0df3b73221cf2acc56021258 /Lib/BaseHTTPServer.py | |
parent | c36364491fb5bedc736957ce123f30d8a7b7023c (diff) | |
Issue #25738: Don’t send message body for 205 Reset Content
Patch by Susumu Koshiba.
Diffstat (limited to 'Lib/BaseHTTPServer.py')
-rw-r--r-- | Lib/BaseHTTPServer.py | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/Lib/BaseHTTPServer.py b/Lib/BaseHTTPServer.py
index deaf2f9..3df3323 100644
--- a/Lib/BaseHTTPServer.py
+++ b/Lib/BaseHTTPServer.py
@@ -362,14 +362,25 @@ class BaseHTTPRequestHandler(SocketServer.StreamRequestHandler):
 message = short
 explain = long
 self.log_error("code %d, message %s", code, message)
- # using _quote_html to prevent Cross Site Scripting attacks (see bug #1100201)
- content = (self.error_message_format %
- {'code': code, 'message': _quote_html(message), 'explain': explain})
 self.send_response(code, message)
- self.send_header("Content-Type", self.error_content_type)
 self.send_header('Connection', 'close')
+
+ # Message body is omitted for cases described in:
+ # - RFC7230: 3.3. 1xx, 204(No Content), 304(Not Modified)
+ # - RFC7231: 6.3.6. 205(Reset Content)
+ content = None
+ if code >= 200 and code not in (204, 205, 304):
+ # HTML encode to prevent Cross Site Scripting attacks
+ # (see bug #1100201)
+ content = (self.error_message_format % {
+ 'code': code,
+ 'message': _quote_html(message),
+ 'explain': explain
+ })
+ self.send_header("Content-Type", self.error_content_type)
 self.end_headers()
- if self.command != 'HEAD' and code >= 200 and code not in (204, 304):
+
+ if self.command != 'HEAD' and content:
 self.wfile.write(content)
 error_message_format = DEFAULT_ERROR_MESSAGE |
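Review bot: The rewritten comment "HTML encode to prevent Cross Site Scripting attacks" reads as if the whole error body were encoded, but in the added `content = (self.error_message_format % {...})` block only `message` passes through `_quote_html`; `explain` is interpolated raw. From the context line `explain = long` it looks like `explain` comes from a server-side table rather than from the request, which would make this safe, but that assignment's source is outside the hunk and should be confirmed. I would state the assumption next to the dict, e.g. `# only 'message' can carry request-derived text; 'explain' is taken from the handler's response table and is inserted unescaped`. Separately, `if self.command != 'HEAD' and content:` relies on truthiness, so an overridden `error_message_format` that renders to an empty string would send `Content-Type` with no body; `content is not None` states the intent more directly. The enclosing method starts and ends outside this hunk.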