HTML-escape the plain traceback in cgitb's HTML output, to prevent the traceback inadvertently or maliciously closing the comment and injecting HTML into the error page. (backport from rev. 55348)

commit: 4c87581c328c0f0fc9cc477c62f5f1a37799ba8c [log] [tgz]
author: Georg Brandl <georg@python.org> Tue May 15 20:19:39 2007 +0000
committer: Georg Brandl <georg@python.org> Tue May 15 20:19:39 2007 +0000
tree: ddbf2952f076e7b1d05b6b3eddd3456af84b15cc
parent: 0d338e4bc6b310dd91548aaac87073102055c084 [diff] [blame]
diff --git a/Lib/cgitb.py b/Lib/cgitb.py
index 1c300b2..19b4149 100644
--- a/Lib/cgitb.py
+++ b/Lib/cgitb.py

@@ -183,7 +183,8 @@
 
 %s
 -->
-''' % ''.join(traceback.format_exception(etype, evalue, etb))
+''' % pydoc.html.escape(
+          ''.join(traceback.format_exception(etype, evalue, etb)))
 
 def text((etype, evalue, etb), context=5):
     """Return a plain text document describing a given traceback."""
commit	4c87581c328c0f0fc9cc477c62f5f1a37799ba8c	[log] [tgz]
author	Georg Brandl <georg@python.org>	Tue May 15 20:19:39 2007 +0000
committer	Georg Brandl <georg@python.org>	Tue May 15 20:19:39 2007 +0000
tree	ddbf2952f076e7b1d05b6b3eddd3456af84b15cc
parent	0d338e4bc6b310dd91548aaac87073102055c084 [diff] [blame]