Added some escaping of request.path to django/views/debug.py. Thanks,…

… Simon Greenhill

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3722 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 6417d6c7c3e439253b0188a61e5bcd0dd5063bc4 1 parent 7bd9462
@adrianholovaty adrianholovaty authored
Showing with 8 additions and 8 deletions.
  1. +8 −8 django/views/debug.py
16 django/views/debug.py
@@ -189,7 +189,7 @@ def _get_lines_from_file(filename, lineno, context_lines):
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="NONE,NOARCHIVE" />
- <title>{{ exception_type }} at {{ request.path }}</title>
+ <title>{{ exception_type }} at {{ request.path|escape }}</title>
<style type="text/css">
html * { padding:0; margin:0; }
body * { padding:10px 20px; }
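Review bot: `{{ exception_type }}` on the changed `<title>` line is still emitted without `|escape`, so the line is only half covered. If it is always an exception class name the risk is low, but that is an assumption the template cannot enforce; suggest `{{ exception_type|escape }}` here and on the other lines in this patch that print it next to `request.path`.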
@@ -292,7 +292,7 @@ def _get_lines_from_file(filename, lineno, context_lines):
<body>
<div id="summary">
- <h1>{{ exception_type }} at {{ request.path }}</h1>
+ <h1>{{ exception_type }} at {{ request.path|escape }}</h1>
<h2>{{ exception_value|escape }}</h2>
<table class="meta">
<tr>
@@ -301,7 +301,7 @@ def _get_lines_from_file(filename, lineno, context_lines):
</tr>
<tr>
<th>Request URL:</th>
- <td>{{ request_protocol }}://{{ request.META.HTTP_HOST }}{{ request.path }}</td>
+ <td>{{ request_protocol }}://{{ request.META.HTTP_HOST }}{{ request.path|escape }}</td>
</tr>
<tr>
<th>Exception Type:</th>
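Review bot: `{{ request.META.HTTP_HOST }}` on the changed Request URL line is left unescaped, and that value is taken from the client's Host header just as `request.path` is taken from the request line. Suggest `{{ request.META.HTTP_HOST|escape }}` so the whole URL in this `<td>` is covered, not only its path component.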
@@ -309,7 +309,7 @@ def _get_lines_from_file(filename, lineno, context_lines):
</tr>
<tr>
<th>Exception Value:</th>
- <td>{{ exception_value }}</td>
+ <td>{{ exception_value|escape }}</td>
</tr>
<tr>
<th>Exception Location:</th>
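Review bot: the commit message mentions only `request.path`, but the changed line in this hunk, `<td>{{ exception_value|escape }}</td>`, escapes a different variable. Worth saying so in the message, since exception text often echoes request data. The `<h2>` in the summary block already applied `|escape` to `exception_value`, so this table row was the inconsistent copy.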
@@ -412,7 +412,7 @@ def _get_lines_from_file(filename, lineno, context_lines):
&nbsp;&nbsp;{{ frame.lineno }}. {{ frame.context_line|escape }}<br/>
{% endif %}
{% endfor %}<br/>
-&nbsp;&nbsp;{{ exception_type }} at {{ request.path }}<br/>
+&nbsp;&nbsp;{{ exception_type }} at {{ request.path|escape }}<br/>
&nbsp;&nbsp;{{ exception_value|escape }}</code>
</td>
</tr>
@@ -546,7 +546,7 @@ def _get_lines_from_file(filename, lineno, context_lines):
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
- <title>Page not found at {{ request.path }}</title>
+ <title>Page not found at {{ request.path|escape }}</title>
<meta name="robots" content="NONE,NOARCHIVE" />
<style type="text/css">
html * { padding:0; margin:0; }
@@ -576,7 +576,7 @@ def _get_lines_from_file(filename, lineno, context_lines):
</tr>
<tr>
<th>Request URL:</th>
- <td>{{ request_protocol }}://{{ request.META.HTTP_HOST }}{{ request.path }}</td>
+ <td>{{ request_protocol }}://{{ request.META.HTTP_HOST }}{{ request.path|escape }}</td>
</tr>
</table>
</div>
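Review bot: the Request URL line in this 404 template has the same unescaped `{{ request.META.HTTP_HOST }}` as its twin in the 500 template, and the two lines are character-for-character duplicates. Suggest building the full URL once in the view and passing it as a single context variable, so one `|escape` covers protocol, host and path and the two templates cannot drift apart.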
@@ -591,7 +591,7 @@ def _get_lines_from_file(filename, lineno, context_lines):
<li>{{ pattern|escape }}</li>
{% endfor %}
</ol>
- <p>The current URL, <code>{{ request.path }}</code>, didn't match any of these.</p>
+ <p>The current URL, <code>{{ request.path|escape }}</code>, didn't match any of these.</p>
{% else %}
<p>{{ reason|escape }}</p>
{% endif %}
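Review bot: nothing in the commit exercises the new `<code>{{ request.path|escape }}</code>` output; the file list shows only django/views/debug.py changed. Suggest a regression test that requests a path containing `<`, `>` and `&` with debug on and asserts the rendered 404 and 500 pages contain only the entity-encoded forms, so a later template edit that drops a filter is caught.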