commit 736f17fb8d8b105567d56317f9c0b4c577ce4105
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Sun Apr 29 12:10:12 2018 -0700
committer GitHub <noreply@github.com> Sun Apr 29 12:10:12 2018 -0700
tree 9116132ddeda7715bd13032f1d5097069c0464de
parent cebce2e8d15db101435194f79be31b5d80455bb0

bpo-33256: Replace angle brackets around python object repr to display it in html (GH-6442)

(cherry picked from commit 7d68bfa82654ba01d860b8a772ff63bf0bd183ee)

Co-authored-by: sblondon <sblondon@users.noreply.github.com>

Lib/cgitb.py

diff --git a/Lib/cgitb.py b/Lib/cgitb.py
index b291100..0f5f32c 100644
--- a/Lib/cgitb.py
+++ b/Lib/cgitb.py
@@ -124,7 +124,7 @@
         args, varargs, varkw, locals = inspect.getargvalues(frame)
         call = ''
         if func != '?':
-            call = 'in ' + strong(func) + \
+            call = 'in ' + strong(pydoc.html.escape(func)) + \
                 inspect.formatargvalues(args, varargs, varkw, locals,
                     formatvalue=lambda value: '=' + pydoc.html.repr(value))
 
@@ -282,7 +282,7 @@
 
         if self.display:
             if plain:
-                doc = doc.replace('&', '&amp;').replace('<', '&lt;')
+                doc = pydoc.html.escape(doc)
                 self.file.write('<pre>' + doc + '</pre>\n')
             else:
                 self.file.write(doc + '\n')

Lib/test/test_cgitb.py

diff --git a/Lib/test/test_cgitb.py b/Lib/test/test_cgitb.py
index a87a422..e299ec3 100644
--- a/Lib/test/test_cgitb.py
+++ b/Lib/test/test_cgitb.py
@@ -45,6 +45,7 @@
         out = out.decode(sys.getfilesystemencoding())
         self.assertIn("ValueError", out)
         self.assertIn("Hello World", out)
+        self.assertIn("<strong>&lt;module&gt;</strong>", out)
         # By default we emit HTML markup.
         self.assertIn('<p>', out)
         self.assertIn('</p>', out)