Opened 19 years ago
Closed 18 years ago
#3419 closed (fixed)
exception value not html-escaped in exception view
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | Uncategorized | Version: | 0.95 |
| Severity: | Keywords: | ||
| Cc: | Triage Stage: | Accepted | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
when raising an exception whose exception value contains html metachars like "<", these are not properly escaped in the exception view.
example:
# Create your view here.
from myapp.models import mydbobject
function throwexc(request):
raise Exception, mydbobject.objects.all()
gives you:
Exception at /throwexc/ [<foo>, <bar>] Request Method: GET Request URL: http://localhost:8000/throwexc/ Exception Type: Exception: Exception Value: [, ]
([, ] having html source code [<foo>, <bar>])
Change History (2)
comment:1 by , 19 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
comment:2 by , 18 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
The exception value is properly escaped in the trunk (tested at 6206).