Skip to content


XSS fix for bunny1 #1

merged 1 commit into from

2 participants


Hey Cheever, how's it going? Are you still in the bay area?

Here is a quick fix for bunny1. It's tested and all...

Alok Menghrajani Fixes an XSS in bunny1. f078b60
@ccheever ccheever merged commit e84376b into ccheever:master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Apr 30, 2012
  1. Fixes an XSS in bunny1.

    Alok Menghrajani committed
Showing with 1 addition and 1 deletion.
  1. +1 −1 src/
2 src/
@@ -170,7 +170,7 @@ def do_command(self, raw, a=(), k={}):
return self.do_command(arg)
except HTTPRedirect, redir:
- url = redir.urls[0]
+ url = escape(redir.urls[0])
return "<code><b>bunny1</b> DEBUG: redirect to <a href='%s'>%s</a></code>" % (url, url)
# we don't want people calling things like __str__, etc.
Something went wrong with that request. Please try again.