Skip to content
Browse files

Fixes an XSS in bunny1.

  • Loading branch information...
1 parent d72dbca commit f078b6058f8ed959b492d92d8519bca24a471a28 Alok Menghrajani committed Apr 30, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 src/bunny1.py
View
2 src/bunny1.py
@@ -170,7 +170,7 @@ def do_command(self, raw, a=(), k={}):
try:
return self.do_command(arg)
except HTTPRedirect, redir:
- url = redir.urls[0]
+ url = escape(redir.urls[0])
return "<code><b>bunny1</b> DEBUG: redirect to <a href='%s'>%s</a></code>" % (url, url)
# we don't want people calling things like __str__, etc.

0 comments on commit f078b60

Please sign in to comment.
Something went wrong with that request. Please try again.