[Bugfix candidate] Escape traceback type and value. There are probably...

[Bugfix candidate] Escape traceback type and value. There are probably additional cases where cgitb.py doesn't escape as paranoidly as it should (e.g. attribute names)

[Bugfix candidate] Escape traceback type and value. There are probably...
[Bugfix candidate] Escape traceback type and value. There are probably additional cases where cgitb.py doesn't escape as paranoidly as it should (e.g. attribute names)
b67c9431 · Andrew M. Kuchling · fb66cd25 · b67c9431
Commit b67c9431 authored Mar 31, 2004 by Andrew M. Kuchling
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

Lib/cgitb.py Lib/cgitb.py +2 -1

No files found.
--- a/Lib/cgitb.py
+++ b/Lib/cgitb.py
@@ -146,7 +146,8 @@ function calls leading up to the error, in the order they occurred.'''
 <table width="100%%" cellspacing=0 cellpadding=0 border=0>
 %s</table>''' % '\n'.join(rows))

-    exception = ['<p>%s: %s' % (strong(str(etype)), str(evalue))]
+    exception = ['<p>%s: %s' % (strong(pydoc.html.escape(str(etype))),
+                                pydoc.html.escape(str(evalue)))]
    if type(evalue) is types.InstanceType:
        for name in dir(evalue):
            if name[:1] == '_': continue