bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML.

commit: e8650a4f8c7fb76f570d4ca9c1fbe44e91c8dfaa [log] [tgz]
author: Dong-hee Na <donghee.na92@gmail.com> Sat Sep 28 04:59:37 2019 +0900
committer: Victor Stinner <vstinner@redhat.com> Fri Sep 27 21:59:37 2019 +0200
tree: 21492197b7eca061db3cc120a1fdadc686910e56
parent: dd6117c6d7859fee57751593cd56f0862131de8b [diff] [blame]
diff --git a/Lib/xmlrpc/server.py b/Lib/xmlrpc/server.py
index f1c467e..32aba4d 100644
--- a/Lib/xmlrpc/server.py
+++ b/Lib/xmlrpc/server.py

@@ -108,6 +108,7 @@
 from http.server import BaseHTTPRequestHandler
 from functools import partial
 from inspect import signature
+import html
 import http.server
 import socketserver
 import sys
@@ -894,7 +895,7 @@
                                 methods
                             )
 
-        return documenter.page(self.server_title, documentation)
+        return documenter.page(html.escape(self.server_title), documentation)
 
 class DocXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
     """XML-RPC and documentation request handler class.
commit	e8650a4f8c7fb76f570d4ca9c1fbe44e91c8dfaa	[log] [tgz]
author	Dong-hee Na <donghee.na92@gmail.com>	Sat Sep 28 04:59:37 2019 +0900
committer	Victor Stinner <vstinner@redhat.com>	Fri Sep 27 21:59:37 2019 +0200
tree	21492197b7eca061db3cc120a1fdadc686910e56
parent	dd6117c6d7859fee57751593cd56f0862131de8b [diff] [blame]