[issue38243] A reflected XSS in python/Lib/DocXMLRPCServer.py
Dong-hee Na
report at bugs.python.org
Tue Sep 24 22:08:49 EDT 2019
Dong-hee Na <donghee.na92 at gmail.com> added the comment:
Looks like this issue can be solved by the code change below.
@@ -833,7 +834,7 @@ class XMLRPCDocGenerator:
def set_server_title(self, server_title):
"""Set the HTML title of the generated server documentation"""
- self.server_title = server_title
+ self.server_title = html.escape(server_title)
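Review bot: Escaping inside set_server_title() on the `+` line means self.server_title now holds HTML-escaped text, so the protection only applies when callers go through this setter; any code that assigns the attribute directly skips it, and any code that reads the attribute for a non-HTML purpose gets entities instead of the original string. Consider storing the raw value and calling html.escape() at the point where the title is written into the generated documentation page, so the encoding is tied to the output context. Also, the hunk header moves from line 833 to 834, which suggests a line was added earlier in the file (presumably the import of html); it is not shown here, so confirm it is part of the change.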
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue38243>
_______________________________________