Fix another XSS bug, in /buildslaves/.

buildbot · Aug 13, 2009 · 5642507 · 5642507
1 parent 23c81ce
commit 5642507
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/buildbot/status/web/slaves.py b/buildbot/status/web/slaves.py
@@ -77,7 +77,7 @@ def body(self, req):
 
         data.append("<a href=\"%s\">%s</a>\n" % (self.path_to_root(req), projectName))
 
-        data.append("<h1>Build Slave: %s</h1>\n" % self.slavename)
+        data.append("<h1>Build Slave: %s</h1>\n" % html.escape(self.slavename))
 
         shutdown_url = req.childLink("shutdown")
 
@@ -213,4 +213,4 @@ def getChild(self, path, req):
             slave = self.getStatus(req).getSlave(path)
             return OneBuildSlaveResource(path)
         except KeyError:
-            return NoResource("No such slave '%s'" % path)
+            return NoResource("No such slave '%s'" % html.escape(path))