Code

Opened 7 years ago

Closed 7 years ago

#3419 closed (fixed)

exception value not html-escaped in exception view

Reported by: webograph@… Owned by: nobody
Component: Uncategorized Version: 0.95
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

when raising an exception whose exception value contains html metachars like "<", these are not properly escaped in the exception view.

example:

# Create your view here.
from myapp.models import mydbobject
function throwexc(request):
    raise Exception, mydbobject.objects.all()

gives you:

Exception at /throwexc/
[<foo>, <bar>]
Request Method: GET
Request URL: http://localhost:8000/throwexc/
Exception Type: Exception:
Exception Value: [, ]

([, ] having html source code [<foo>, <bar>])

Attachments (0)

Change History (2)

comment:1 Changed 7 years ago by Gary Wilson <gary.wilson@…>

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 7 years ago by durdinator

  • Resolution set to fixed
  • Status changed from new to closed

The exception value is properly escaped in the trunk (tested at 6206).

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.