[Python-checkins] r55350 - in python/branches/release24-maint: Lib/cgitb.py Misc/NEWS
georg.brandl
python-checkins at python.org
Tue May 15 22:19:44 CEST 2007
Author: georg.brandl
Date: Tue May 15 22:19:42 2007
New Revision: 55350
Modified:
python/branches/release24-maint/Lib/cgitb.py
python/branches/release24-maint/Misc/NEWS
Log:
HTML-escape the plain traceback in cgitb's HTML output, to prevent
the traceback inadvertently or maliciously closing the comment and
injecting HTML into the error page.
(backport from rev. 55348)
Modified: python/branches/release24-maint/Lib/cgitb.py
==============================================================================
--- python/branches/release24-maint/Lib/cgitb.py (original)
+++ python/branches/release24-maint/Lib/cgitb.py Tue May 15 22:19:42 2007
@@ -182,7 +182,8 @@
%s
-->
-''' % ''.join(traceback.format_exception(etype, evalue, etb))
+''' % pydoc.html.escape(
+ ''.join(traceback.format_exception(etype, evalue, etb)))
def text((etype, evalue, etb), context=5):
"""Return a plain text document describing a given traceback."""
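Review bot: the replacement at the `-'''`/`+'''` lines introduces a call to `pydoc.html.escape` without adding an import, so confirm that `pydoc` is already imported at the top of cgitb.py (the hunk's context does not show it). The escape neutralises the `>` needed to form `-->`, which is what stops the traceback text from terminating the surrounding HTML comment, but since the text sits inside a comment the entities are never decoded, so the raw page source will now read `--&gt;` for any such sequence; a short comment above the `%s` placeholder saying the block is deliberately entity-escaped would save the next reader from "fixing" it back. Also, the change set touches only Lib/cgitb.py and Misc/NEWS, so a regression test that feeds `html()` an exception whose message contains `-->` and asserts that the output contains exactly one comment close would be worth adding.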
Modified: python/branches/release24-maint/Misc/NEWS
==============================================================================
--- python/branches/release24-maint/Misc/NEWS (original)
+++ python/branches/release24-maint/Misc/NEWS Tue May 15 22:19:42 2007
@@ -26,6 +26,10 @@
Library
-------
+- HTML-escape the plain traceback in cgitb's HTML output, to prevent
+ the traceback inadvertently or maliciously closing the comment and
+ injecting HTML into the error page.
+
- idle: Honor the "Cancel" action in the save dialog (Debian bug #299092).
Tests
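Review bot: the new NEWS entry repeats the log message verbatim but omits the origin of the change; since the log records this as a backport from rev. 55348, mention that revision (or the tracker issue, if one exists) in the entry so readers of the release24-maint NEWS can correlate it with trunk. Style-wise the other entries in the "Library" section name the module first (compare "- idle: Honor ..."), so "- cgitb: HTML-escape the plain traceback ..." would match the surrounding convention.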