Invalid user-supplied messages should be HTML-entity escaped.

This commit is contained in:
Levi Gross 2014-02-04 10:57:15 -05:00
parent 0226b2cd1f
commit 791ea6ae53


@ -18,11 +18,13 @@ import traceback
import inspect import inspect
import errno import errno
import warnings import warnings
import cgi
from gunicorn.errors import AppImportError from gunicorn.errors import AppImportError
from gunicorn.six import text_type, string_types from gunicorn.six import text_type
from gunicorn.workers import SUPPORTED_WORKERS from gunicorn.workers import SUPPORTED_WORKERS
MAXFD = 1024 MAXFD = 1024
REDIRECT_TO = getattr(os, 'devnull', '/dev/null') REDIRECT_TO = getattr(os, 'devnull', '/dev/null')
@ -332,7 +334,7 @@ def write_error(sock, status_int, reason, mesg):
%(mesg)s %(mesg)s
</body> </body>
</html> </html>
""") % {"reason": reason, "mesg": mesg} """) % {"reason": reason, "mesg": cgi.escape(mesg)}
http = textwrap.dedent("""\ http = textwrap.dedent("""\
HTTP/1.1 %s %s\r HTTP/1.1 %s %s\r