HTML-escape the plain traceback in cgitb's HTML output, to prevent
the traceback inadvertently or maliciously closing the comment and
injecting HTML into the error page.
diff --git a/Misc/NEWS b/Misc/NEWS
index 32531f6..79db74a 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -207,6 +207,10 @@
 Library
 -------
 
+- HTML-escape the plain traceback in cgitb's HTML output, to prevent
+  the traceback inadvertently or maliciously closing the comment and
+  injecting HTML into the error page.
+
 - The popen2 module and os.popen* are deprecated.  Use the subprocess module.
 
 - Added an optional credentials argument to SMTPHandler, for use with SMTP
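Review bot: the added entry under Library refers to "closing the comment" without saying which comment, so a reader of NEWS cannot tell that this is the HTML comment in which cgitb embeds the plain-text traceback, or that the entry describes an HTML-injection fix rather than a cosmetic one. Suggest rewording along the lines of "HTML-escape the plain traceback that cgitb embeds in an HTML comment in its HTML output" and stating the security impact explicitly, so that anyone deciding on backports can spot it. The neighbouring entries carry no tracker reference either, but for a fix with an injection angle a reference to the report would help if one exists. Only the NEWS hunk is visible here, so it is worth confirming that the commit also includes a regression test with exception text containing a comment terminator.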