mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-20 00:32:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 12

HTML-escape the plain traceback in cgitb's HTML output, to prevent

Browse source 
the traceback inadvertently or maliciously closing the comment and
injecting HTML into the error page.
 (backport from rev. 55348)
This commit is contained in:
Georg Brandl 2007-05-15 20:19:39 +00:00
parent 0d338e4bc6
commit 4c87581c32
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Lib/cgitb.py
View file

@ -183,7 +183,8 @@ function calls leading up to the error, in the order they occurred.</p>'''
%s
-->
''' % ''.join(traceback.format_exception(etype, evalue, etb))
''' % pydoc.html.escape(
''.join(traceback.format_exception(etype, evalue, etb)))
def text((etype, evalue, etb), context=5):
"""Return a plain text document describing a given traceback."""