Changes between Initial Version and Version 1 of Ticket #21098
- Timestamp:
- Sep 12, 2013, 10:51:26 AM (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #21098 – Description
initial v1 1 Getting an error in MultiValueDict on a POST, such as doing request.POST['foo'], will leak the POST data without any escaping by Django, i.e. the MultiValueDictKeyError contains an unescaped repr of request.POST, no matter if you've added for instance @sensitive_post_parameters("password").1 Getting an error in `MultiValueDict` on a POST, such as doing `request.POST['foo']`, will leak the POST data without any escaping by Django, i.e. the `MultiValueDictKeyError` contains an unescaped `repr` of `request.POST`, no matter if you've added for instance `@sensitive_post_parameters("password")`.