Fix that built-in error message response not HTML escaped.

Stack traces and Object#inspect output lots of less-than signs
that need escaping.

There's probably a better way to do this. My first iteration called
CGI::escapeHTML and then I noticed that Rack includes a nice Utils module with
various escaping methods so I figured that would be a better fit for Sinatra.
Unfortunately, these methods don't seem to be exposed anywhere (that I could
find) so I extended the Rack::Utils module with itself so that messages could be
sent directly to the module.
Ryan Tomayko 2008-03-08 07:21:43 -05:00
parent 0fa5de7484
commit 327c6ece36
1 changed files with 6 additions and 2 deletions
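The technique the commit message describes, as an added example that is not Sinatra's or Rack's own code: a helper module made callable on itself with `extend self`, used to HTML-escape an exception's message and backtrace before they are interpolated into an error page. `EscapeUtils` is a hypothetical stand-in for `Rack::Utils`, `CGI.escapeHTML` from the standard library is used in place of `Rack::Utils.escape_html` so the script runs without the rack gem, and `render_error_html`, `sample_error` and `contains_script_tag?` are constructed for the illustration.

```ruby
require 'cgi'

# Added example, not Sinatra's or Rack's code. EscapeUtils is a hypothetical
# stand-in for Rack::Utils: its methods are instance methods, and `extend self`
# makes them callable on the module itself (EscapeUtils.escape_html(...))
# without having to include the module anywhere.
module EscapeUtils
  extend self

  # Escapes &, <, >, " and ' for use inside an HTML text node or attribute.
  # CGI.escapeHTML (stdlib) does the same job as Rack::Utils.escape_html.
  def escape_html(string)
    CGI.escapeHTML(string.to_s)
  end
end

# Renders the stack-trace section of a 500 page. `escape: false` reproduces
# the unsafe "before" behaviour of the patch; the default is the fixed one.
# Message and backtrace are attacker-influenced whenever user input ends up
# in an exception, for example through Object#inspect of request parameters.
def render_error_html(error, escape: true)
  esc = escape ? ->(s) { EscapeUtils.escape_html(s) } : ->(s) { s.to_s }
  backtrace = Array(error.backtrace).join("\n") # Array() guards a nil backtrace
  <<~HTML
    <div id="stacktrace">
      <h1>#{esc.call(error.message)}</h1>
      <pre><code>#{esc.call(backtrace)}</code></pre>
    </div>
  HTML
end

# Constructed sample: an exception whose message carries markup, the way
# `raise "bad value: #{params.inspect}"` would when params holds a payload.
def sample_error
  raise ArgumentError, 'unexpected token <script>alert(1)</script> in {"q"=>"<b>"}'
rescue ArgumentError => e
  e
end

# True if the rendered HTML still contains a raw, executable <script> tag.
def contains_script_tag?(html)
  html.include?('<script>')
end

if __FILE__ == $PROGRAM_NAME
  unsafe = render_error_html(sample_error, escape: false)
  safe   = render_error_html(sample_error)
  puts "unescaped page contains <script>: #{contains_script_tag?(unsafe)}"
  puts "escaped page contains <script>:   #{contains_script_tag?(safe)}"
  puts safe
end
```

Without `extend self` a module that only defines instance methods does not respond to them itself (`Module.new { def escape_html(s); s; end }.respond_to?(:escape_html)` is false), which is exactly the gap the commit works around. Note that escaping removes the script-injection vector but not the information disclosure: a backtrace still reveals file paths and internal state, so an error page like this belongs in development mode only.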


@ -44,6 +44,10 @@ module Rack #:nodoc:
end
module Utils
extend self
end
end
module Sinatra
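Review bot: the `extend self` reopens Rack::Utils, a third-party module, from inside Sinatra's own `module Rack` block without a comment saying that it is a monkey patch or why it is there; a one-line comment carrying the commit message's reasoning (Rack does not expose these methods at module level) would keep the next reader from removing it, and naming the Rack version it targets would make it easy to drop once Rack exposes the methods itself. A less invasive alternative that does not alter Rack's module is to `include Rack::Utils` in the Sinatra class that renders the error page, or to keep a small private `escape_html` helper there.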
@ -623,8 +627,8 @@ module Sinatra
<div id="content">
<img src="/sinatra_custom_images/500.png" />
<div id="stacktrace">
<h1>#{@error.message}</h1>
<pre><code>#{@error.backtrace.join("\n")}</code></pre>
<h1>#{Rack::Utils.escape_html(@error.message)}</h1>
<pre><code>#{Rack::Utils.escape_html(@error.backtrace.join("\n"))}</code></pre>
</div>
</body>
</html>
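Review bot: both interpolations, `@error.message` in the `<h1>` and the joined backtrace in the `<pre><code>` block, are now passed through `Rack::Utils.escape_html`, which closes the injection path, but `@error.backtrace` is nil for an exception object that was never raised, and `nil.join` would turn the error page itself into a second exception; `Array(@error.backtrace).join("\n")` costs nothing and avoids that. The escaping also only addresses injection, not disclosure: the page still prints internal file paths and the exception text, so it should stay confined to development mode.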