Update of /cvsroot/python/python/dist/src/Lib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25977 Modified Files: cgitb.py Log Message: [Bugfix candidate] Escape traceback type and value. There are probably additional cases where cgitb.py doesn't escape as paranoidly as it should (e.g. attribute names) Index: cgitb.py =================================================================== RCS file: /cvsroot/python/python/dist/src/Lib/cgitb.py,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** cgitb.py 29 Jun 2003 05:46:53 -0000 1.9 --- cgitb.py 31 Mar 2004 20:17:56 -0000 1.10 *************** *** 147,151 **** %s</table>''' % '\n'.join(rows)) ! exception = ['<p>%s: %s' % (strong(str(etype)), str(evalue))] if type(evalue) is types.InstanceType: for name in dir(evalue): --- 147,152 ---- %s</table>''' % '\n'.join(rows)) ! exception = ['<p>%s: %s' % (strong(pydoc.html.escape(str(etype))), ! pydoc.html.escape(str(evalue)))] if type(evalue) is types.InstanceType: for name in dir(evalue):