Invalid user-supplied messages should be HTML-entity escaped.

This commit is contained in:
Levi Gross 2014-02-04 10:57:15 -05:00
parent 0226b2cd1f
commit 791ea6ae53


@ -18,11 +18,13 @@ import traceback
import inspect
import errno
import warnings
import cgi
from gunicorn.errors import AppImportError
from gunicorn.six import text_type, string_types
from gunicorn.six import text_type
from gunicorn.workers import SUPPORTED_WORKERS
MAXFD = 1024
REDIRECT_TO = getattr(os, 'devnull', '/dev/null')
@ -332,7 +334,7 @@ def write_error(sock, status_int, reason, mesg):
%(mesg)s
</body>
</html>
""") % {"reason": reason, "mesg": mesg}
""") % {"reason": reason, "mesg": cgi.escape(mesg)}
http = textwrap.dedent("""\
HTTP/1.1 %s %s\r
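Review bot: `cgi.escape(mesg)` on the new line relies on the default `quote=False`, so `"` is left unescaped, and the same format dict still interpolates `reason` into the template unescaped; that is acceptable while `reason` is a fixed status phrase, but any caller that derives it from request data would reintroduce the markup injection this commit is closing. Escaping both values the same way, `% {"reason": cgi.escape(reason, quote=True), "mesg": cgi.escape(mesg, quote=True)}`, removes the asymmetry and keeps the output safe should either value ever land in an attribute position. `cgi.escape` is deprecated on Python 3 (removed in 3.8) in favor of `html.escape`, which quotes by default; since this file presumably still supports Python 2 through `gunicorn.six`, a small compatibility shim may be needed. The body of write_error begins before this hunk.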