From 1034edc7f901dd645ec6e462754111b39002bd65 Mon Sep 17 00:00:00 2001 |
From: Your Name <neargle@outlook.com> |
Date: Wed, 31 Aug 2016 16:00:55 +0800 |
Subject: [PATCH] fix XSS in debugger |
|
Fix #1001 |
--- |
werkzeug/debug/tbtools.py | 2 +- |
1 files changed, 1 insertions(+), 1 deletion(-) |
|
diff --git a/werkzeug/debug/tbtools.py b/werkzeug/debug/tbtools.py |
12 |
|
|
index 42f9d928d..2ee4718cb 100644 |
13 |
|
|
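--- a/werkzeug/debug/tbtools.py
+++ b/werkzeug/debug/tbtools.py
@@ -358,7 +358,7 @@ def render_full(self, evalex=False, secret=None,
  'exception': exc,
  'exception_type': escape(self.exception_type),
  'summary': self.render_summary(include_title=False),
- 'plaintext': self.plaintext,
+ 'plaintext': escape(self.plaintext),
  'plaintext_cs': re.sub('-{2,}', '-', self.plaintext),
  'traceback_id': self.id,
  'secret': secret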
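Review bot: `plaintext_cs`, on the line right after the fix, is still built from the raw `self.plaintext`, with only runs of hyphens collapsed by `re.sub('-{2,}', '-', self.plaintext)`. That is safe only if the template emits this value somewhere markup cannot take effect, presumably inside an HTML comment, but the template is outside this hunk, so it should be confirmed. A comment on that line would record the assumption, e.g. `# left unescaped on purpose: only emitted inside an HTML comment; '--' is collapsed so the text cannot terminate it`. The diffstat shows only tbtools.py changing, so a regression test is worth adding: render a traceback whose exception message contains markup and assert that it appears escaped in the `render_full` output. The body of `render_full` starts and ends outside the hunk, so how `exc` is prepared cannot be checked from here.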