[issue9061] cgi.escape Can Lead To XSS Vulnerabilities

Craig Younkins report at bugs.python.org
Wed Jun 23 20:22:42 CEST 2010


Craig Younkins <cyounkins at gmail.com> added the comment:

Proof of concept:
import cgi
print """<body class='%s'></body>""" % cgi.escape("' onload='alert(1);' bad='")

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9061>
_______________________________________
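
Added example, not part of the original tracker comment or of CPython's code: it renders the template from the proof of concept with three escapers and parses the result to see which attributes a browser-style parser would find on the tag. `legacy_cgi_escape` is a re-implementation of the behaviour of `cgi.escape` (removed in Python 3.8), and the helper names `body_attrs` and `render` are hypothetical.

```python
import html
from html.parser import HTMLParser

TEMPLATE = "<body class='%s'></body>"      # single-quoted attribute, as in the report
UNTRUSTED = "' onload='alert(1);' bad='"   # input string taken from the report


def legacy_cgi_escape(s, quote=False):
    """Re-implementation of cgi.escape: escapes & < > and, only if quote is set, the double quote."""
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    if quote:
        s = s.replace('"', "&quot;")
    return s  # the single quote is never touched


class _BodyAttrs(HTMLParser):
    """Collects the attributes the parser sees on the <body> start tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.attrs = dict(attrs)


def body_attrs(markup):
    parser = _BodyAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def render(escape):
    return TEMPLATE % escape(UNTRUSTED)


if __name__ == "__main__":
    for name, fn in [
        ("cgi.escape default", legacy_cgi_escape),
        ("cgi.escape quote=True", lambda s: legacy_cgi_escape(s, quote=True)),
        ("html.escape", html.escape),  # escapes both " and ' by default
    ]:
        markup = render(fn)
        print(name, "->", markup)
        print("   attributes parsed:", sorted(body_attrs(markup)))
```

With `html.escape` the whole input stays inside the `class` value; with either form of the legacy function the parser reports a separate `onload` attribute.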

