Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

XSS fix for bunny1 #1

Merged
merged 1 commit into from

2 participants

@alokmenghrajani

Hey Cheever, how's it going? Are you still in the bay area?

Here is a quick fix for bunny1. It's tested and all...

Alok Menghrajani Fixes an XSS in bunny1. f078b60
@ccheever
Owner
@ccheever ccheever merged commit e84376b into ccheever:master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Apr 30, 2012
  1. Fixes an XSS in bunny1.

    Alok Menghrajani authored
This page is out of date. Refresh to see the latest.
Showing with 1 addition and 1 deletion.
  1. +1 −1  src/bunny1.py
View
2  src/bunny1.py
@@ -170,7 +170,7 @@ def do_command(self, raw, a=(), k={}):
try:
return self.do_command(arg)
except HTTPRedirect, redir:
- url = redir.urls[0]
+ url = escape(redir.urls[0])
return "<code><b>bunny1</b> DEBUG: redirect to <a href='%s'>%s</a></code>" % (url, url)
# we don't want people calling things like __str__, etc.
Something went wrong with that request. Please try again.