From 5ff22467a60b39d13a605e4feb706861e5fb1e4e Mon Sep 17 00:00:00 2001
From: shortcutme
Date: Wed, 21 Nov 2018 19:28:30 +0100
Subject: [PATCH] Sanitize error message
---
 src/Debug/Debug.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Debug/Debug.py b/src/Debug/Debug.py
index 960d260c..004c2d6b 100644
--- a/src/Debug/Debug.py
+++ b/src/Debug/Debug.py
@@ -1,5 +1,6 @@
 import sys
 import os
+import cgi
 from Config import config
@@ -30,7 +31,7 @@ def formatException(err=None, format="text"):
 file = os.path.split(path)[1]
 tb.append("%s line %s" % (file, line))
 if format == "html":
- return "%s: %s
%s" % (exc_type.__name__, err, " > ".join(tb))
+ return "%s: %s
%s" % (exc_type.__name__, cgi.escape(str(err)), " > ".join(tb))
 else:
 return "%s: %s in %s" % (exc_type.__name__, err, " > ".join(tb))
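Review bot: `cgi.escape(str(err))` in the html branch escapes only `&`, `<` and `>`, because `quote` defaults to false, so a double quote in the exception message survives and the result is safe only as element content, not inside an attribute value. Passing the flag closes that gap: `cgi.escape(str(err), True)`. The joined `tb` entries on the same line are still interpolated unescaped; they appear to be file names and line numbers, so the risk is probably low, but escaping the whole formatted string would remove that assumption. If this module runs on Python 2, `str(err)` can raise UnicodeEncodeError on a non-ASCII unicode message, which would make the formatter itself fail while reporting an error. formatException starts above the hunk, so how `err` and `tb` are built is not visible here.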