diff options
| author | Georg Brandl <georg@python.org> | 2007-05-15 20:19:34 (GMT) |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2007-05-15 20:19:34 (GMT) |
| commit | a09a96a5440144f926c69250dab7b9bbf06bd789 (patch) | |
| tree | 34ec2344498a9ab8708189cd0cbdf3038238fab5 /Lib | |
| parent | 8be9ab84979cc09caf41177f101089e4feaae65b (diff) | |
| download | cpython-a09a96a5440144f926c69250dab7b9bbf06bd789.zip cpython-a09a96a5440144f926c69250dab7b9bbf06bd789.tar.gz cpython-a09a96a5440144f926c69250dab7b9bbf06bd789.tar.bz2 | |
HTML-escape the plain traceback in cgitb's HTML output, to prevent
the traceback inadvertently or maliciously closing the comment and
injecting HTML into the error page.
Diffstat (limited to 'Lib')
| -rw-r--r-- | Lib/cgitb.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/Lib/cgitb.py b/Lib/cgitb.py index 1c300b2..19b4149 100644 --- a/Lib/cgitb.py +++ b/Lib/cgitb.py @@ -183,7 +183,8 @@ function calls leading up to the error, in the order they occurred.</p>''' %s --> -''' % ''.join(traceback.format_exception(etype, evalue, etb)) +''' % pydoc.html.escape( + ''.join(traceback.format_exception(etype, evalue, etb))) def text((etype, evalue, etb), context=5): """Return a plain text document describing a given traceback.""" |