diff options
| author | Georg Brandl <georg@python.org> | 2007-05-15 20:19:39 (GMT) |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2007-05-15 20:19:39 (GMT) |
| commit | 4c87581c328c0f0fc9cc477c62f5f1a37799ba8c (patch) | |
| tree | ddbf2952f076e7b1d05b6b3eddd3456af84b15cc /Lib/cgitb.py | |
| parent | 0d338e4bc6b310dd91548aaac87073102055c084 (diff) | |
| download | cpython-4c87581c328c0f0fc9cc477c62f5f1a37799ba8c.zip cpython-4c87581c328c0f0fc9cc477c62f5f1a37799ba8c.tar.gz cpython-4c87581c328c0f0fc9cc477c62f5f1a37799ba8c.tar.bz2 | |
HTML-escape the plain traceback in cgitb's HTML output, to prevent
the traceback inadvertently or maliciously closing the comment and
injecting HTML into the error page.
(backport from rev. 55348)
Diffstat (limited to 'Lib/cgitb.py')
| -rw-r--r-- | Lib/cgitb.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Lib/cgitb.py b/Lib/cgitb.py index 1c300b2..19b4149 100644 --- a/Lib/cgitb.py +++ b/Lib/cgitb.py @@ -183,7 +183,8 @@ function calls leading up to the error, in the order they occurred.</p>''' %s --> -''' % ''.join(traceback.format_exception(etype, evalue, etb)) +''' % pydoc.html.escape( + ''.join(traceback.format_exception(etype, evalue, etb))) def text((etype, evalue, etb), context=5): """Return a plain text document describing a given traceback.""" |