Re: [Python-Dev] Use of cgi.escape can lead to XSS vulnerabilities

Craig Younkins Wed, 23 Jun 2010 08:53:18 -0700

http://bugs.python.org/issue9061


On Tue, Jun 22, 2010 at 5:29 PM, Bill Janssen <jans...@parc.com> wrote:

> Craig Younkins <cyounk...@gmail.com> wrote:
>
> > cgi.escape never escapes single quote characters, which can easily lead
> to a
> > Cross-Site Scripting (XSS) vulnerability. This seems to be known by many,
> > but a quick search reveals many are using cgi.escape for HTML attribute
> > escaping.
>
> Did you file a bug report?
>
> Bill
>

_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Use of cgi.escape can lead to XSS vulnerabilities

Reply via email to