HTML-escape the plain traceback in cgitb's HTML output, to prevent the traceback inadvertently or maliciously closing the comment and injecting HTML into the error page. (backport from rev. 55348)

commit: 4c87581c328c0f0fc9cc477c62f5f1a37799ba8c [log] [tgz]
author: Georg Brandl <georg@python.org> Tue May 15 20:19:39 2007 +0000
committer: Georg Brandl <georg@python.org> Tue May 15 20:19:39 2007 +0000
tree: ddbf2952f076e7b1d05b6b3eddd3456af84b15cc
parent: 0d338e4bc6b310dd91548aaac87073102055c084 [diff] [blame]
diff --git a/Misc/NEWS b/Misc/NEWS
index 65e176e..8e8254d 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS

@@ -12,6 +12,10 @@
 Library
 -------
 
+- HTML-escape the plain traceback in cgitb's HTML output, to prevent
+  the traceback inadvertently or maliciously closing the comment and
+  injecting HTML into the error page.
+
 - Bug #1290505: Properly clear time.strptime's locale cache when the locale
   changes between calls.  Backport of r54646 and r54647.
commit	4c87581c328c0f0fc9cc477c62f5f1a37799ba8c	[log] [tgz]
author	Georg Brandl <georg@python.org>	Tue May 15 20:19:39 2007 +0000
committer	Georg Brandl <georg@python.org>	Tue May 15 20:19:39 2007 +0000
tree	ddbf2952f076e7b1d05b6b3eddd3456af84b15cc
parent	0d338e4bc6b310dd91548aaac87073102055c084 [diff] [blame]