[issue35603] table header in output of difflib.HtmlDiff.make_table is not escaped and can be rendered as code in the browser

Serhiy Storchaka report at bugs.python.org
Sat Jan 5 14:19:38 EST 2019


Serhiy Storchaka <storchaka+cpython at gmail.com> added the comment:

Yes, please make a documentation PR. Since this behavior can cause a security hole in the user code, make this note visually attractive (maybe use the "note" directive).

----------
stage: patch review -> needs patch

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue35603>
_______________________________________
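
The behaviour this issue is about, as an added example that is not part of the tracker message: `make_table` places `fromdesc` and `todesc` into the header cells as raw HTML, so a caller that takes those labels from untrusted input has to escape them first. The function names and sample values below are constructed for illustration.

```python
import difflib
import html

# Constructed sample input: two short "files" and labels that an
# untrusted party controls (for example, user-supplied file names).
OLD_LINES = ["alpha", "beta"]
NEW_LINES = ["alpha", "gamma"]
UNTRUSTED_FROM = "<script>alert(1)</script>"
UNTRUSTED_TO = 'new" onmouseover="x'


def unsafe_table(a, b, fromdesc, todesc):
    """Pass the labels through unchanged: they land in <th> as raw HTML."""
    return difflib.HtmlDiff().make_table(a, b, fromdesc=fromdesc, todesc=todesc)


def safe_table(a, b, fromdesc, todesc):
    """Escape the labels before handing them to make_table.

    html.escape() converts &, <, > and (by default) both quote
    characters, so the label is rendered as text in the header cell.
    """
    return difflib.HtmlDiff().make_table(
        a,
        b,
        fromdesc=html.escape(fromdesc),
        todesc=html.escape(todesc),
    )


if __name__ == "__main__":
    raw = unsafe_table(OLD_LINES, NEW_LINES, UNTRUSTED_FROM, UNTRUSTED_TO)
    fixed = safe_table(OLD_LINES, NEW_LINES, UNTRUSTED_FROM, UNTRUSTED_TO)
    print("raw header contains <script>:  ", "<script>" in raw)
    print("fixed header contains <script>:", "<script>" in fixed)
```

The same applies to `make_file`, which accepts the same `fromdesc` and `todesc` arguments.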