authorTim Graham <timograham@gmail.com>2017-08-09 21:12:37 -0400
committerTim Graham <timograham@gmail.com>2017-09-05 10:58:38 -0400
commit46e2b9e059e617afe6fe56da9f132568a7e6b198 (patch)
tree7856e671b8a8ef84c11bce51f973fd58ece3a663 /django/views/debug.py
parent73b6d027472fbbf823da4a084cdb9fb12e30dc60 (diff)
Fixed CVE-2017-12794 -- Fixed XSS possibility in traceback section of technical 500 debug page.
This is a security fix.
Diffstat (limited to 'django/views/debug.py')
-rw-r--r--django/views/debug.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/django/views/debug.py b/django/views/debug.py
index fca137fd07..35cff6338f 100644
--- a/django/views/debug.py
+++ b/django/views/debug.py
@@ -8,7 +8,7 @@ from pathlib import Path
from django.conf import settings
from django.http import HttpResponse, HttpResponseNotFound
from django.template import Context, Engine, TemplateDoesNotExist
-from django.template.defaultfilters import force_escape, pprint
+from django.template.defaultfilters import pprint
from django.urls import Resolver404, resolve
from django.utils import timezone
from django.utils.datastructures import MultiValueDict
@@ -271,7 +271,7 @@ class ExceptionReporter:
# Trim large blobs of data
if len(v) > 4096:
v = '%s... <trimmed %d bytes string>' % (v[0:4096], len(v))
- frame_vars.append((k, force_escape(v)))
+ frame_vars.append((k, v))
frame['vars'] = frame_vars
frames[i] = frame
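Review bot: The new line `frame_vars.append((k, v))` now stores the value unescaped, so the safety of the debug page depends entirely on the template autoescaping `var.1` at render time, and nothing in this function records that contract; a comment would keep a later change from re-adding `force_escape`/`mark_safe` here or rendering the value under `{% autoescape off %}`: `# Leave v unescaped: the template autoescapes it on output.` The trimming marker on the line above embeds literal `<` and `>`, so the value is HTML-unsafe even for benign data, which is a second reason the rendering side must do the escaping. The enclosing method (presumably `get_traceback_frames`, given `frames[i] = frame`) starts and ends outside the hunk, so the earlier `pprint` call this value presumably passes through is not visible here.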