[Bugfix candidate] Escape traceback type and value. There are probably additional cases where cgitb.py doesn't escape as paranoidly as it should (e.g. attribute names).
diff --git a/Lib/cgitb.py b/Lib/cgitb.py
index cd469ad..ab4c598 100644
--- a/Lib/cgitb.py
+++ b/Lib/cgitb.py
@@ -146,7 +146,8 @@
 <table width="100%%" cellspacing=0 cellpadding=0 border=0>
 %s</table>''' % '\n'.join(rows))
 
-    exception = ['<p>%s: %s' % (strong(str(etype)), str(evalue))]
+    exception = ['<p>%s: %s' % (strong(pydoc.html.escape(str(etype))),
+                                pydoc.html.escape(str(evalue)))]
     if type(evalue) is types.InstanceType:
         for name in dir(evalue):
             if name[:1] == '_': continue
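Review bot: The attribute loop that starts right after the escaped line (`for name in dir(evalue):`) still emits attribute names, and presumably their values, into the same HTML without going through `pydoc.html.escape`, which the commit message itself flags as unfixed; the loop body continues past the hunk, so I cannot see the exact emit line. Since an exception instance's attribute names and values come from the same untrusted failure path as `str(evalue)`, the same rule applies: wrap the name as `strong(pydoc.html.escape(name))` and render the value via `pydoc.html.repr(...)` (which escapes) or `pydoc.html.escape(str(...))` rather than `str()` alone. Note also that `str(evalue)` on the new line can itself raise if the exception's `__str__` is broken; that is pre-existing, but a `try`/`except` fallback to `repr(evalue)` would keep the error page rendering in that case.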