"Wrap" a python-cgi
Ben Hutchings
ben.hutchings at roundpoint.com
Fri Mar 9 03:47:38 EST 2001
Kalle Svensson <kalle at gnupung.net> writes:
<snip>
> if __name__ == "__main__":
>     print "Content-Type: text/html\n"
>     try:
>         main()
>     except:
>         import traceback, sys
>         print "<h1>Error!</h1>\n<pre>"
>         traceback.print_exc(file=sys.stdout)
>         print "</pre>"
Eek! There's a cross-site scripting attack in the making!
Instead of printing the traceback directly to standard output, print
it to a string-file, HTML-escape the string and then print that.
--
Any opinions expressed are my own and not necessarily those of Roundpoint.
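
The fix described in the reply above, as an added example that is not part of the original post: the traceback is written to an in-memory string-file, HTML-escaped, and only then sent to the client. It uses Python 3 syntax and the standard library's html.escape; the names format_escaped_traceback, run_cgi, failing_main and demo are hypothetical, and the failing handler and its input are constructed for illustration.

```python
import html
import io
import sys
import traceback


def format_escaped_traceback():
    """Return the current exception's traceback as HTML-safe text."""
    buf = io.StringIO()                      # the "string-file" from the reply
    traceback.print_exc(file=buf)
    # quote=True also escapes " and ', so the text stays inert even if it
    # is later placed inside an attribute value.
    return html.escape(buf.getvalue(), quote=True)


def run_cgi(main, out=None):
    """Run main(); if it raises, write an escaped error page to out."""
    out = out if out is not None else sys.stdout
    out.write("Content-Type: text/html\n\n")
    try:
        main()
    except Exception:
        out.write("<h1>Error!</h1>\n<pre>")
        out.write(format_escaped_traceback())
        out.write("</pre>\n")


def failing_main():
    # Constructed sample: request data ends up in the exception message,
    # which is how markup reaches the traceback text.
    user_value = "<script>alert(1)</script>"
    raise ValueError("bad parameter: " + user_value)


def demo():
    """Run the failing handler and return the full response as a string."""
    out = io.StringIO()
    run_cgi(failing_main, out)
    return out.getvalue()


if __name__ == "__main__":
    sys.stdout.write(demo())
```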