mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-21 17:25:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

HTML-escape the plain traceback in cgitb's HTML output, to prevent

Browse source 
the traceback inadvertently or maliciously closing the comment and
injecting HTML into the error page.
 (backport from rev. 55348)
This commit is contained in:
Georg Brandl 2007-05-15 20:19:39 +00:00
parent 0d338e4bc6
commit 4c87581c32
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Lib/cgitb.py
View file

@ -183,7 +183,8 @@ function calls leading up to the error, in the order they occurred.</p>'''
%s %s
--> -->
''' % ''.join(traceback.format_exception(etype, evalue, etb)) ''' % pydoc.html.escape(
''.join(traceback.format_exception(etype, evalue, etb)))
def text((etype, evalue, etb), context=5): def text((etype, evalue, etb), context=5):
"""Return a plain text document describing a given traceback.""" """Return a plain text document describing a given traceback."""

4
Misc/NEWS
View file

@ -12,6 +12,10 @@ What's New in Python 2.5.2c1?
Library Library
------- -------
- HTML-escape the plain traceback in cgitb's HTML output, to prevent
the traceback inadvertently or maliciously closing the comment and
injecting HTML into the error page.
- Bug #1290505: Properly clear time.strptime's locale cache when the locale - Bug #1290505: Properly clear time.strptime's locale cache when the locale
changes between calls. Backport of r54646 and r54647. changes between calls. Backport of r54646 and r54647.