[Python-Dev] Use of cgi.escape can lead to XSS vulnerabilities

Bill Janssen janssen at parc.com
Tue Jun 22 23:29:50 CEST 2010


Craig Younkins <cyounkins at gmail.com> wrote:
> cgi.escape never escapes single quote characters, which can easily lead to a
> Cross-Site Scripting (XSS) vulnerability. This seems to be known by many,
> but a quick search reveals many are using cgi.escape for HTML attribute
> escaping.

Did you file a bug report?
Bill
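To make the reported behaviour concrete, here is an added example that is not part of the thread and not Python's own code. It reproduces the escaping rules of the old cgi.escape (the function was removed in Python 3.8, so the replacement table is copied into a local helper, which is an assumption about its exact behaviour) beside html.escape, renders each into a single-quoted attribute, and then parses the result with the standard library's HTMLParser to see which attributes a browser-like parser would actually end up with. The payload string and the render helpers are constructed for this example.

```python
import html
from html.parser import HTMLParser

# Constructed attacker input for a single-quoted attribute: closes the value,
# then injects an event handler. Contains no & < > " so cgi.escape leaves it alone.
PAYLOAD = "' onmouseover='alert(1)"


def cgi_escape(s, quote=False):
    """Local copy of the old cgi.escape replacement table (assumption: matches
    the function as shipped before its removal in Python 3.8). Note that the
    single quote is never touched, and even the double quote only with quote=True."""
    s = s.replace("&", "&amp;")
    s = s.replace("<", "&lt;")
    s = s.replace(">", "&gt;")
    if quote:
        s = s.replace('"', "&quot;")
    return s


def render_link_cgi(user_title):
    """Constructed template: single-quoted attribute, escaped with cgi.escape rules."""
    return "<a title='%s' href='/'>link</a>" % cgi_escape(user_title, quote=True)


def render_link_html(user_title):
    """Same template, escaped with html.escape (quote=True escapes both ' and ")."""
    return "<a title='%s' href='/'>link</a>" % html.escape(user_title, quote=True)


class AnchorAttrs(HTMLParser):
    """Collects the attributes the parser assigns to the <a> element."""

    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.attrs.extend(attrs)


def parsed_attrs(markup):
    """Return the <a> element's attributes as a dict, with entity references
    already decoded the way HTMLParser (and a browser) decodes attribute values."""
    parser = AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return dict(parser.attrs)


if __name__ == "__main__":
    # With cgi.escape rules the payload survives unchanged and the parser sees
    # a new onmouseover attribute: an XSS sink.
    print(render_link_cgi(PAYLOAD))
    print(parsed_attrs(render_link_cgi(PAYLOAD)))
    # With html.escape the quote becomes &#x27;, so the whole payload stays
    # inside the title attribute value.
    print(render_link_html(PAYLOAD))
    print(parsed_attrs(render_link_html(PAYLOAD)))
```

The same cgi.escape output would be safe inside a double-quoted attribute when quote=True is passed, which is why the bug is easy to miss in review: the escaping function is only correct for one of the three ways HTML allows an attribute value to be delimited.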

