p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added some escaping of request.path to django/views/debug.py. Thanks, Simon Greenhill 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3722 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Adrian Holovaty 2006-09-05 00:26:14 +00:00
parent 7bd946258e
commit 6417d6c7c3
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
django/views/debug.py
View File

@ -189,7 +189,7 @@ TECHNICAL_500_TEMPLATE = """
<head> <head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="NONE,NOARCHIVE" /> <meta name="robots" content="NONE,NOARCHIVE" />
<title>{{ exception_type }} at {{ request.path }}</title> <title>{{ exception_type }} at {{ request.path|escape }}</title>
<style type="text/css"> <style type="text/css">
html * { padding:0; margin:0; } html * { padding:0; margin:0; }
body * { padding:10px 20px; } body * { padding:10px 20px; }
@ -292,7 +292,7 @@ TECHNICAL_500_TEMPLATE = """
<body> <body>
<div id="summary"> <div id="summary">
<h1>{{ exception_type }} at {{ request.path }}</h1> <h1>{{ exception_type }} at {{ request.path|escape }}</h1>
<h2>{{ exception_value|escape }}</h2> <h2>{{ exception_value|escape }}</h2>
<table class="meta"> <table class="meta">
<tr> <tr>
@ -301,7 +301,7 @@ TECHNICAL_500_TEMPLATE = """
</tr> </tr>
<tr> <tr>
<th>Request URL:</th> <th>Request URL:</th>
<td>{{ request_protocol }}://{{ request.META.HTTP_HOST }}{{ request.path }}</td> <td>{{ request_protocol }}://{{ request.META.HTTP_HOST }}{{ request.path|escape }}</td>
</tr> </tr>
<tr> <tr>
<th>Exception Type:</th> <th>Exception Type:</th>
@ -309,7 +309,7 @@ TECHNICAL_500_TEMPLATE = """
</tr> </tr>
<tr> <tr>
<th>Exception Value:</th> <th>Exception Value:</th>
<td>{{ exception_value }}</td> <td>{{ exception_value|escape }}</td>
</tr> </tr>
<tr> <tr>
<th>Exception Location:</th> <th>Exception Location:</th>
@ -412,7 +412,7 @@ Traceback (most recent call last):<br/>
&nbsp;&nbsp;{{ frame.lineno }}. {{ frame.context_line|escape }}<br/> &nbsp;&nbsp;{{ frame.lineno }}. {{ frame.context_line|escape }}<br/>
{% endif %} {% endif %}
{% endfor %}<br/> {% endfor %}<br/>
&nbsp;&nbsp;{{ exception_type }} at {{ request.path }}<br/> &nbsp;&nbsp;{{ exception_type }} at {{ request.path|escape }}<br/>
&nbsp;&nbsp;{{ exception_value|escape }}</code> &nbsp;&nbsp;{{ exception_value|escape }}</code>
</td> </td>
</tr> </tr>
@ -546,7 +546,7 @@ TECHNICAL_404_TEMPLATE = """
<html lang="en"> <html lang="en">
<head> <head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Page not found at {{ request.path }}</title> <title>Page not found at {{ request.path|escape }}</title>
<meta name="robots" content="NONE,NOARCHIVE" /> <meta name="robots" content="NONE,NOARCHIVE" />
<style type="text/css"> <style type="text/css">
html * { padding:0; margin:0; } html * { padding:0; margin:0; }
@ -576,7 +576,7 @@ TECHNICAL_404_TEMPLATE = """
</tr> </tr>
<tr> <tr>
<th>Request URL:</th> <th>Request URL:</th>
<td>{{ request_protocol }}://{{ request.META.HTTP_HOST }}{{ request.path }}</td> <td>{{ request_protocol }}://{{ request.META.HTTP_HOST }}{{ request.path|escape }}</td>
</tr> </tr>
</table> </table>
</div> </div>
@ -591,7 +591,7 @@ TECHNICAL_404_TEMPLATE = """
<li>{{ pattern|escape }}</li> <li>{{ pattern|escape }}</li>
{% endfor %} {% endfor %}
</ol> </ol>
<p>The current URL, <code>{{ request.path }}</code>, didn't match any of these.</p> <p>The current URL, <code>{{ request.path|escape }}</code>, didn't match any of these.</p>
{% else %} {% else %}
<p>{{ reason|escape }}</p> <p>{{ reason|escape }}</p>
{% endif %} {% endif %}