Showing content from https://mail.python.org/pipermail/python-dev/2010-June/100927.html below:

[Python-Dev] Use of cgi.escape can lead to XSS vulnerabilities

Bill Janssen janssen at parc.com
Tue Jun 22 23:29:50 CEST 2010
Craig Younkins <cyounkins at gmail.com> wrote:

> cgi.escape never escapes single quote characters, which can easily lead to a
> Cross-Site Scripting (XSS) vulnerability. This seems to be known by many,
> but a quick search reveals many are using cgi.escape for HTML attribute
> escaping.

Did you file a bug report?

Bill
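
The behaviour described in the quoted message, as an added example that is not part of the original thread: a value escaped the way cgi.escape does it is placed in a single-quoted HTML attribute and the result is parsed to see which attributes a browser-style parser finds, next to the same value escaped with html.escape. The names `legacy_cgi_escape`, `AttrCollector` and `rendered_attributes` and the sample input are constructed for this illustration; `legacy_cgi_escape` re-implements the documented cgi.escape replacements because cgi.escape is no longer in current Python.

```python
import html
from html.parser import HTMLParser

def legacy_cgi_escape(s, quote=False):
    """Stand-in for cgi.escape (assumption: re-implemented here, same replacements)."""
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    if quote:
        s = s.replace('"', "&quot;")  # the single quote is never touched
    return s

class AttrCollector(HTMLParser):
    """Records the attribute names the parser sees on each start tag."""
    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        self.attrs.extend(name for name, _ in attrs)

def rendered_attributes(escape, value):
    """Render value into a single-quoted attribute; return the parsed attribute names."""
    markup = "<input type='text' value='%s'>" % escape(value)
    collector = AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs

# Constructed input: a benign marker attribute stands in for untrusted markup.
UNTRUSTED = "x' data-injected='1"

def compare():
    """Attribute names seen after each escaping function is applied."""
    return {
        "cgi.escape(quote=True)": rendered_attributes(
            lambda s: legacy_cgi_escape(s, True), UNTRUSTED),
        "html.escape(quote=True)": rendered_attributes(
            lambda s: html.escape(s, quote=True), UNTRUSTED),
    }

if __name__ == "__main__":
    for name, attrs in compare().items():
        print(name, "->", attrs)
```

With the cgi.escape-style function the parser reports a third attribute that came from the input; with html.escape the input stays inside `value`.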