From 1034edc7f901dd645ec6e462754111b39002bd65 Mon Sep 17 00:00:00 2001
From: Your Name <neargle@outlook.com>
Date: Wed, 31 Aug 2016 16:00:55 +0800
Subject: [PATCH] fix XSS in debugger Fix #1001
---
 werkzeug/debug/tbtools.py | 2 +-
 1 files changed, 1 insertions(+), 1 deletion(-)
diff --git a/werkzeug/debug/tbtools.py b/werkzeug/debug/tbtools.py
index 42f9d928d..2ee4718cb 100644
--- a/werkzeug/debug/tbtools.py
+++ b/werkzeug/debug/tbtools.py
@@ -358,7 +358,7 @@ def render_full(self, evalex=False, secret=None,
 'exception': exc,
 'exception_type': escape(self.exception_type),
 'summary': self.render_summary(include_title=False),
- 'plaintext': self.plaintext,
+ 'plaintext': escape(self.plaintext),
 'plaintext_cs': re.sub('-{2,}', '-', self.plaintext),
 'traceback_id': self.id,
 'secret': secret
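Review bot: `plaintext_cs`, on the context line right after the change, is still built from raw `self.plaintext`, with only runs of dashes collapsed by `re.sub('-{2,}', '-', ...)`. That is presumably safe only where the template emits the value inside an HTML comment; the template is not visible here, so this should be confirmed and recorded next to the entry, e.g. `# plaintext_cs must only be rendered inside an HTML comment; dash runs are collapsed so the text cannot close it`. The diffstat lists only tbtools.py, so the fix ships without a regression test; one that renders a traceback whose exception message contains markup and asserts that only the escaped form appears in the `render_full` output would guard against a regression. `render_full` begins and ends outside the hunk, so how `summary` and `exception` are escaped could not be checked from here.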