Fix html escape

author 云中君 <me@abersheeran.com>

Fri, 16 Aug 2019 16:12:12 +0000 (00:12 +0800)

committer GitHub <noreply@github.com>

Fri, 16 Aug 2019 16:12:12 +0000 (00:12 +0800)
author 云中君 <me@abersheeran.com>
Fri, 16 Aug 2019 16:12:12 +0000 (00:12 +0800)
committer GitHub <noreply@github.com>
Fri, 16 Aug 2019 16:12:12 +0000 (00:12 +0800)
diff --git a/starlette/middleware/errors.py b/starlette/middleware/errors.py

index 9c9005c28ed40c1b83a822f57cbadf4cbc78ff14..1f2c40b4482277ba13299589f009eca3b5a09b58 100644 (file)
--- a/starlette/middleware/errors.py
+++ b/starlette/middleware/errors.py
@@ -1,3 +1,4 @@
+import html
  import asyncio
  import inspect
  import traceback
@@ -221,7 +222,7 @@ class ServerErrorMiddleware:
              exc_html += self.generate_frame_html(frame, center_lineno, is_collapsed)
              is_collapsed = True
  
-        error = f"{traceback_obj.exc_type.__name__}: {traceback_obj}"
+        error = f"{traceback_obj.exc_type.__name__}: {html.escape(traceback_obj)}"
  
          return TEMPLATE.format(styles=STYLES, js=JS, error=error, exc_html=exc_html)
author	云中君 <me@abersheeran.com>
	Fri, 16 Aug 2019 16:12:12 +0000 (00:12 +0800)
committer	GitHub <noreply@github.com>
	Fri, 16 Aug 2019 16:12:12 +0000 (00:12 +0800)