Sophie

Sophie

distrib > Mageia > 6 > armv7hl > media > core-updates-src > by-pkgid > 76d6e08d979bb2435e23f40a2596f8a5 > files > 2

python-werkzeug-0.11.3-1.1.mga6.src.rpm

From 1034edc7f901dd645ec6e462754111b39002bd65 Mon Sep 17 00:00:00 2001
From: Your Name <neargle@outlook.com>
Date: Wed, 31 Aug 2016 16:00:55 +0800
Subject: [PATCH] fix XSS in debugger

Fix #1001
---
 werkzeug/debug/tbtools.py | 2 +-
 1 files changed, 1 insertions(+), 1 deletion(-)

diff --git a/werkzeug/debug/tbtools.py b/werkzeug/debug/tbtools.py
index 42f9d928d..2ee4718cb 100644
--- a/werkzeug/debug/tbtools.py
+++ b/werkzeug/debug/tbtools.py
@@ -358,7 +358,7 @@ def render_full(self, evalex=False, secret=None,
             'exception':        exc,
             'exception_type':   escape(self.exception_type),
             'summary':          self.render_summary(include_title=False),
-            'plaintext':        self.plaintext,
+            'plaintext':        escape(self.plaintext),
             'plaintext_cs':     re.sub('-{2,}', '-', self.plaintext),
             'traceback_id':     self.id,
             'secret':           secret

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional