◐ Shell
clean mode source ↗

[3.6] bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) by vstinner · Pull Request #16441 · python/cpython

vstinner

Conversation

@vstinner

@vstinner vstinner commented

Sep 27, 2019

edited by bedevere-bot

Loading

Copy link Copy Markdown

Member

Escape the server title of xmlrpc.server.DocXMLRPCServer
when rendering the document page as HTML.

(cherry picked from commit e8650a4)

https://bugs.python.org/issue38243

 
Escape the server title of xmlrpc.server.DocXMLRPCServer
when rendering the document page as HTML.

(cherry picked from commit e8650a4)

@vstinner

Copy link Copy Markdown

Member Author

@ned-deily: Would you mind to review/merge this security fix please? It's a straightforward backport from master.

@ned-deily ned-deily merged commit 1698cac into python:3.6

Sep 28, 2019

larryhastings pushed a commit that referenced this pull request

Oct 29, 2019 
… (#16516)

Escape the server title of xmlrpc.server.DocXMLRPCServer
when rendering the document page as HTML.

(cherry picked from commit e8650a4)

@vstinner vstinner deleted the xmlrpc36 branch

January 30, 2020 12:13

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ned-deily ned-deily ned-deily approved these changes

Assignees

No one assigned

Labels

type-security

A security issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@vstinner @ned-deily @the-knights-who-say-ni @bedevere-bot @corona10