mirror of
https://github.com/sinatra/sinatra
synced 2023-03-27 23:18:01 -04:00
Fix that built-in error message response not HTML escaped.
Stack traces and Object#inspect output lots of less-than signs that need escaping. There's probably a better way to do this. My first iteration called CGI::escapeHTML and then I noticed that Rack includes a nice Utils module with various escaping methods so I figured that would be a better fit for Sinatra. Unfortunately, these methods don't seem to be exposed anywhere (that I could find) so I extended the Rack::Utils module with itself so that messages could be sent directly to the module.
parent
0fa5de7484
commit
327c6ece36
1 changed files with 6 additions and 2 deletions
|
@ -44,6 +44,10 @@ module Rack #:nodoc:
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
module Utils
|
||||||
|
extend self
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
module Sinatra
|
module Sinatra
|
||||||
|
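Review bot: The `extend self` inside the reopened `module Utils` changes Rack::Utils for every piece of code loaded in the same process, not only for Sinatra, and the hunk carries no comment saying why it is there. Consider keeping the change local to Sinatra, for example by mixing Rack::Utils into a Sinatra-owned helper object and calling the escape method through that. If the reopen stays, add a one-line comment above `extend self` stating that it exists so `Rack::Utils.escape_html` can be called on the module directly.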
@ -623,8 +627,8 @@ module Sinatra
|
||||||
<div id="content">
|
<div id="content">
|
||||||
<img src="/sinatra_custom_images/500.png" />
|
<img src="/sinatra_custom_images/500.png" />
|
||||||
<div id="stacktrace">
|
<div id="stacktrace">
|
||||||
<h1>#{@error.message}</h1>
|
<h1>#{Rack::Utils.escape_html(@error.message)}</h1>
|
||||||
<pre><code>#{@error.backtrace.join("\n")}</code></pre>
|
<pre><code>#{Rack::Utils.escape_html(@error.backtrace.join("\n"))}</code></pre>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
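Review bot: The change has no test for the escaping added on the `<h1>` and `<pre><code>` lines, since only one file is touched. Add a test that raises an error whose message contains `<` and `>` and asserts that the 500 response body contains the escaped entities and not the raw characters. Both `Rack::Utils.escape_html(...)` calls also work only because of the `extend self` reopen in the first hunk, so routing them through a single Sinatra-level helper would leave one place to change if that reopen is later removed.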