testbot: Escape error messages for HTML as they may contain troublesome characters.
Francois Gouget
fgouget at codeweavers.com
Wed Aug 6 18:19:42 CDT 2014
---
For instance the troublesome characters may come from a user-specified
filename.
testbot/lib/WineTestBot/CGI/PageBase.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/testbot/lib/WineTestBot/CGI/PageBase.pm b/testbot/lib/WineTestBot/CGI/PageBase.pm
index 1b1b919..a304629 100644
--- a/testbot/lib/WineTestBot/CGI/PageBase.pm
+++ b/testbot/lib/WineTestBot/CGI/PageBase.pm
@@ -340,7 +340,7 @@ sub GenerateErrorDiv($$)
if ($ErrMessage)
{
print "<noscript>\n";
- print "<div id='errormessage'>", $ErrMessage, "</div>\n";
+ print "<div id='errormessage'>", $Page->CGI->escapeHTML($ErrMessage), "</div>\n";
print "</noscript>\n";
}
}
--
2.0.1
More information about the wine-patches
mailing list