STINNER Victor <[email protected]> added the comment:
> I've proposed the patch on GitHub which escaping the server_title when the
> documenter.page is called. (It different point with msg353132.
The attached poc.py seems to show that server name and server documentation are
not escaped neither.
server.set_server_name('test<script>')
server.set_server_documentation('test<script>')
Well, please write a test to check that ;-)
----------
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue38243>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
