Message 353170 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	corona10, longwenzhang, mdk, vstinner, xtreak
Date	2019-09-25.11:01:41
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1569409301.31.0.251478165049.issue38243@roundup.psfhosted.org>
In-reply-to

Content
> I've proposed the patch on GitHub which escaping the server_title when the documenter.page is called. (It different point with msg353132. The attached poc.py seems to show that server name and server documentation are not escaped neither. server.set_server_name('test<script>') server.set_server_documentation('test<script>') Well, please write a test to check that ;-)

> I've proposed the patch on GitHub which escaping the server_title when the documenter.page is called. (It different point with msg353132.

The attached poc.py seems to show that server name and server documentation are not escaped neither.

server.set_server_name('test<script>')
server.set_server_documentation('test<script>')

Well, please write a test to check that ;-)

History
Date	User	Action	Args
2019-09-25 11:01:41	vstinner	set	recipients: + vstinner, mdk, corona10, xtreak, longwenzhang
2019-09-25 11:01:41	vstinner	set	messageid: <1569409301.31.0.251478165049.issue38243@roundup.psfhosted.org>
2019-09-25 11:01:41	vstinner	link	issue38243 messages
2019-09-25 11:01:41	vstinner	create