Author: adrian
Date: 2006-09-04 19:26:14 -0500 (Mon, 04 Sep 2006)
New Revision: 3722
Modified:
django/trunk/django/views/debug.py
Log:
Added some escaping of request.path to django/views/debug.py. Thanks, Simon
Greenhill
Modified: django/trunk/django/views/debug.py
===================================================================
--- django/trunk/django/views/debug.py 2006-09-05 00:20:53 UTC (rev 3721)
+++ django/trunk/django/views/debug.py 2006-09-05 00:26:14 UTC (rev 3722)
@@ -189,7 +189,7 @@
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="NONE,NOARCHIVE" />
- <title>{{ exception_type }} at {{ request.path }}</title>
+ <title>{{ exception_type }} at {{ request.path|escape }}</title>
<style type="text/css">
html * { padding:0; margin:0; }
body * { padding:10px 20px; }
@@ -292,7 +292,7 @@
<body>
<div id="summary">
- <h1>{{ exception_type }} at {{ request.path }}</h1>
+ <h1>{{ exception_type }} at {{ request.path|escape }}</h1>
<h2>{{ exception_value|escape }}</h2>
<table class="meta">
<tr>
@@ -301,7 +301,7 @@
</tr>
<tr>
<th>Request URL:</th>
- <td>{{ request_protocol }}://{{ request.META.HTTP_HOST }}{{ request.path
}}</td>
+ <td>{{ request_protocol }}://{{ request.META.HTTP_HOST }}{{
request.path|escape }}</td>
</tr>
<tr>
<th>Exception Type:</th>
@@ -309,7 +309,7 @@
</tr>
<tr>
<th>Exception Value:</th>
- <td>{{ exception_value }}</td>
+ <td>{{ exception_value|escape }}</td>
</tr>
<tr>
<th>Exception Location:</th>
@@ -412,7 +412,7 @@
{{ frame.lineno }}. {{ frame.context_line|escape }}<br/>
{% endif %}
{% endfor %}<br/>
- {{ exception_type }} at {{ request.path }}<br/>
+ {{ exception_type }} at {{ request.path|escape }}<br/>
{{ exception_value|escape }}</code>
</td>
</tr>
@@ -546,7 +546,7 @@
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
- <title>Page not found at {{ request.path }}</title>
+ <title>Page not found at {{ request.path|escape }}</title>
<meta name="robots" content="NONE,NOARCHIVE" />
<style type="text/css">
html * { padding:0; margin:0; }
@@ -576,7 +576,7 @@
</tr>
<tr>
<th>Request URL:</th>
- <td>{{ request_protocol }}://{{ request.META.HTTP_HOST }}{{ request.path
}}</td>
+ <td>{{ request_protocol }}://{{ request.META.HTTP_HOST }}{{
request.path|escape }}</td>
</tr>
</table>
</div>
@@ -591,7 +591,7 @@
<li>{{ pattern|escape }}</li>
{% endfor %}
</ol>
- <p>The current URL, <code>{{ request.path }}</code>, didn't match any of
these.</p>
+ <p>The current URL, <code>{{ request.path|escape }}</code>, didn't match
any of these.</p>
{% else %}
<p>{{ reason|escape }}</p>
{% endif %}
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates
-~----------~----~----~----~------~----~------~--~---
