[Checkins] SVN: zope.error/trunk/src/zope/error/error.py escape untrusted input before creating HTML output with it
Jan-Wijbrand Kolman
janwijbrand at gmail.com
Tue Jan 17 20:17:16 UTC 2012
Log message for revision 124062:
escape untrusted input before creating HTML output with it
Changed:
U zope.error/trunk/src/zope/error/error.py
-=-
Modified: zope.error/trunk/src/zope/error/error.py
===================================================================
--- zope.error/trunk/src/zope/error/error.py 2012-01-16 22:58:50 UTC (rev 124061)
+++ zope.error/trunk/src/zope/error/error.py 2012-01-17 20:16:35 UTC (rev 124062)
@@ -20,7 +20,7 @@
import time
import logging
import codecs
-
+from xml.sax.saxutils import escape as xml_escape
from persistent import Persistent
from random import random
from threading import Lock
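Review bot: the added import takes the place of the blank line this hunk removes, so the standard-library imports now run straight into the persistent import; keep a blank line after the new import to preserve the grouping. Also worth a comment at this import: xml.sax.saxutils.escape by default replaces only &, < and >, not quote characters, so the escaped value is safe as HTML element text but not inside an attribute value unless an entities mapping for the quotes is passed.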
@@ -73,7 +73,7 @@
" representation of an object")
return u"<unprintable %s object>" % type(value).__name__
value = unicode(value, errors="zope.error.printedreplace")
- return value
+ return xml_escape(value)
def getFormattedException(info, as_html=False):
lines = []
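Review bot: the early return in the context lines above, return u"<unprintable %s object>" % type(value).__name__, still goes out unescaped, so after this change the function returns escaped text on one path and literal angle brackets on the other; wrap that return in xml_escape as well, or escape once at a single exit point. The escaping is also unconditional, while getFormattedException just below takes as_html=False, so please confirm that the plain-text path does not start showing &lt; and &amp; entities and that the HTML path does not escape the same value a second time; escaping only where as_html is true would avoid both. A docstring line stating that the return value is now HTML-escaped would help callers.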