[issue9061] cgi.escape Can Lead To XSS Vulnerabilities
Craig Younkins
report at bugs.python.org
Wed Jun 23 20:22:42 CEST 2010
Craig Younkins <cyounkins at gmail.com> added the comment:
Proof of concept:
import cgi
print """<body class='%s'></body>""" % cgi.escape("' onload='alert(1);' bad='")
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9061>
_______________________________________
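
The following is an added example, not part of the original message or of the Python source. It checks which attributes an HTML parser sees on the <body> tag from the proof of concept, first with escaping that leaves quotes alone and then with html.escape. The names legacy_escape, quote_escape, AttrCollector, body_attributes and injected_attributes are hypothetical, and legacy_escape assumes that cgi.escape(s) with default arguments is equivalent to html.escape(s, quote=False).

```python
import html
from html.parser import HTMLParser

# Constructed sample input: the payload and template from the proof of concept.
PAYLOAD = "' onload='alert(1);' bad='"
TEMPLATE = "<body class='%s'></body>"


def legacy_escape(s):
    """Stand-in for cgi.escape(s) with default arguments (assumption):
    only &, < and > are escaped, quotes pass through untouched."""
    return html.escape(s, quote=False)


def quote_escape(s):
    """html.escape with quote=True also escapes " and ' characters."""
    return html.escape(s, quote=True)


class AttrCollector(HTMLParser):
    """Records the attributes the parser sees on the <body> start tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.body_attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.body_attrs = dict(attrs)


def body_attributes(escape):
    """Render the template with the given escape function and parse it."""
    parser = AttrCollector()
    parser.feed(TEMPLATE % escape(PAYLOAD))
    parser.close()
    return parser.body_attrs


def injected_attributes(escape):
    """Attribute names present on <body> other than the intended 'class'."""
    return sorted(set(body_attributes(escape)) - {"class"})


if __name__ == "__main__":
    for fn in (legacy_escape, quote_escape):
        print(fn.__name__, "->", injected_attributes(fn))
```

With quote-aware escaping the whole payload stays inside the class value; with the legacy behaviour the value ends at the first single quote and the remainder is parsed as separate attributes.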