mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-07-07 19:35:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Revert "bpo-35603: Escape table header of make_table output that can cause potential XSS. (GH-11341)" (GH-11356)

Browse source 
This reverts commit 78de01198b.
This commit is contained in:
Serhiy Storchaka 2019-01-02 14:49:25 +02:00 committed by GitHub
parent 3a374e0c5a
commit 830ddc74c4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 0 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Lib/difflib.py
View file

@ -2036,10 +2036,6 @@ class HtmlDiff(object):
s.append( fmt % (next_id[i],next_href[i],fromlist[i],
next_href[i],tolist[i]))
if fromdesc or todesc:
fromdesc = fromdesc.replace("&", "&").replace(">", ">") \
.replace("<", "&lt;")
todesc = todesc.replace("&", "&amp;").replace(">", "&gt;") \
.replace("<", "&lt;")
header_row = '<thead><tr>%s%s%s%s</tr></thead>' % (
'<th class="diff_next"><br /></th>',
'<th colspan="2" class="diff_header">%s</th>' % fromdesc,