From 1034edc7f901dd645ec6e462754111b39002bd65 Mon Sep 17 00:00:00 2001 |
From: Your Name <neargle@outlook.com> |
Date: Wed, 31 Aug 2016 16:00:55 +0800 |
Subject: [PATCH] fix XSS in debugger |
|
Fix #1001 |
--- |
werkzeug/debug/tbtools.py | 2 +- |
1 files changed, 1 insertions(+), 1 deletion(-) |
|
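diff --git a/werkzeug/debug/tbtools.py b/werkzeug/debug/tbtools.py
index 42f9d928d..2ee4718cb 100644
--- a/werkzeug/debug/tbtools.py
+++ b/werkzeug/debug/tbtools.py
@@ -358,7 +358,7 @@ def render_full(self, evalex=False, secret=None,
  'exception': exc,
  'exception_type': escape(self.exception_type),
  'summary': self.render_summary(include_title=False),
- 'plaintext': self.plaintext,
+ 'plaintext': escape(self.plaintext),
  'plaintext_cs': re.sub('-{2,}', '-', self.plaintext),
  'traceback_id': self.id,
  'secret': secret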
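Review bot: `'plaintext_cs'`, on the line after the fix, is still built from the raw `self.plaintext` with only runs of dashes collapsed by `re.sub('-{2,}', '-', ...)`, so the two sibling keys now follow different encoding rules with nothing explaining why. Whether that is safe depends on where the template places `plaintext_cs`, which this hunk does not show; if it sits inside an HTML comment, record that next to the key, for example `# plaintext_cs is emitted inside an HTML comment; collapsing '--' keeps the text from closing it`. A regression test that renders a traceback whose message contains markup and asserts that only the escaped form appears in the `plaintext` output would pin this fix. The body of `render_full` starts and ends outside the hunk, so any escaping done earlier in the function is not visible here.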