Commit 595806a9 authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

python: escape more variable when formatting error_message_format

parent 9d66fc4b
......@@ -1143,6 +1143,7 @@ try:
error_content_type = 'text/html; charset=UTF-8'
# Same HTML from Apache error page
error_message_format = '''\
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
......@@ -1167,8 +1168,11 @@ try:
explain = longmsg
content = self.error_message_format.format(\
code=code, reason = escape(message), explain=explain,
server=self.server_version, hostname=socket.getfqdn(),
code=code,
reason = escape(message),
explain=escape(explain),
server=escape(self.server_version),
hostname=escape(socket.getfqdn()),
port=self.server.server_address[1]).encode('UTF-8')
self.send_response(code, message)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment