Issue 59: Should greeting.content = self.request.get('content') be escaped?
Status:  New
Owner:  ----


Reported by raullenc...@gmail.com, Feb 2, 2012
Line 43 of guestbook5_datastore.py

greeting.content = self.request.get('content')

I guess it is better to have it escaped:

greeting.content = cgi.escape(self.request.get('content'))


Any suggestions? Correct me if I am wrong.