Escape error messages before printing them.

alobbs · alobbs · commit cd0cb606b78d · 2010-06-23T12:08:10.000Z
git-svn-id: svn://cherokee-project.com/CTK/trunk@5234 5dc97367-97f1-0310-9951-d761b3857238
diff --git a/CTK/Server.py b/CTK/Server.py
@@ -1,3 +1,5 @@
+# -*- coding: utf-8 -*-
+
 # CTK: Cherokee Toolkit
 #
 # Authors:
@@ -35,6 +37,8 @@
 from Post import Post
 from HTTP import HTTP_Response, HTTP_Error
 
+from cgi import escape as escape_html
+
 
 class PostValidator:
     def __init__ (self, post, validation_list):
@@ -139,9 +143,6 @@ def manage_exception():
             print >> sys.stderr, info
 
             # Custom error management
-            #page = error.page (info, desc)
-            #response = HTTP_Response (error=500, body=page.Render())
-            #self.send (str(response))
             if error.page:
                 try:
                     page = error.page (info, desc)
@@ -153,7 +154,7 @@ def manage_exception():
                     pass
 
             # No error handling page
-            html = '<pre>%s</pre>'%(info)
+            html = '<pre>%s</pre>' %(escape_html(info))
             self.send (str(HTTP_Error(desc=html)))
 
         try:
