fix XSS in debugger
Fix #1001
neargle authored and untitaker committed Aug 31, 2016
1 parent be3033c commit 1034edc
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGES
Expand Up @@ -13,6 +13,7 @@ Bugfix release, unreleased.
see issue ``#995``.
- Fix a bug in multidicts when passing empty lists as values, see issue
``#979``.
- Fix a security issue that allows XSS on the Werkzeug debugger. See ``#1001``.

Version 0.11.10
---------------
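Review bot: The new CHANGES entry ("Fix a security issue that allows XSS on the Werkzeug debugger") does not say which output was affected. For a security fix it helps to name it, here the plaintext traceback in the page built by render_full, so readers can judge their exposure from the changelog alone. The ``#1001`` reference should stay.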
2 changes: 1 addition & 1 deletion werkzeug/debug/tbtools.py
Expand Up @@ -358,7 +358,7 @@ def render_full(self, evalex=False, secret=None,
'exception': exc,
'exception_type': escape(self.exception_type),
'summary': self.render_summary(include_title=False),
'plaintext': self.plaintext,
'plaintext': escape(self.plaintext),
'plaintext_cs': re.sub('-{2,}', '-', self.plaintext),
'traceback_id': self.id,
'secret': secret
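Review bot: On the 'plaintext_cs' line directly below the changed one, self.plaintext still goes into the page without escape(), passed only through re.sub('-{2,}', '-', ...). If that is safe because of where the template places the value, a short comment saying so would prevent the question coming up again; otherwise it needs the same escaping as 'plaintext'. The commit changes only CHANGES and tbtools.py, so a regression test that renders a traceback whose message contains markup and asserts the output is escaped would be worth adding alongside the fix.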
