From 670c644ff5708cc333a3eddb054dc97c6f05634c Mon Sep 17 00:00:00 2001
From: mtredinnick <mtredinnick@bcc190cf-cafb-0310-a4f2-bffc1f526a37>
Date: Tue, 20 Nov 2007 01:37:16 +0000
Subject: [PATCH] Fixed #5974 -- Added autoescaping for source code lines and
 local variables in technical debug page.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6704 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/views/debug.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/django/views/debug.py b/django/views/debug.py
index 7c45af23..3358d2f0 100644
--- a/django/views/debug.py
+++ b/django/views/debug.py
@@ -422,11 +422,11 @@ TECHNICAL_500_TEMPLATE = """
           {% if frame.context_line %}
             <div class="context" id="c{{ frame.id }}">
               {% if frame.pre_context %}
-                <ol start="{{ frame.pre_context_lineno }}" class="pre-context" id="pre{{ frame.id }}">{% for line in frame.pre_context %}<li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ line }}</li>{% endfor %}</ol>
+                <ol start="{{ frame.pre_context_lineno }}" class="pre-context" id="pre{{ frame.id }}">{% for line in frame.pre_context %}<li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ line|escape }}</li>{% endfor %}</ol>
               {% endif %}
-              <ol start="{{ frame.lineno }}" class="context-line"><li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ frame.context_line }} <span>...</span></li></ol>
+              <ol start="{{ frame.lineno }}" class="context-line"><li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ frame.context_line|escape }} <span>...</span></li></ol>
               {% if frame.post_context %}
-                <ol start='{{ frame.lineno|add:"1" }}' class="post-context" id="post{{ frame.id }}">{% for line in frame.post_context %}<li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ line }}</li>{% endfor %}</ol>
+                <ol start='{{ frame.lineno|add:"1" }}' class="post-context" id="post{{ frame.id }}">{% for line in frame.post_context %}<li onclick="toggle('pre{{ frame.id }}', 'post{{ frame.id }}')">{{ line|escape }}</li>{% endfor %}</ol>
               {% endif %}
             </div>
           {% endif %}
@@ -445,8 +445,8 @@ TECHNICAL_500_TEMPLATE = """
               <tbody>
                 {% for var in frame.vars|dictsort:"0" %}
                   <tr>
-                    <td>{{ var.0 }}</td>
-                    <td class="code"><div>{{ var.1|pprint }}</div></td>
+                    <td>{{ var.0|escape }}</td>
+                    <td class="code"><div>{{ var.1|pprint|escape }}</div></td>
                   </tr>
                 {% endfor %}
               </tbody>
@@ -466,7 +466,7 @@ Traceback (most recent call last):<br/>
 {% for frame in frames %}
   File "{{ frame.filename }}" in {{ frame.function }}<br/>
   {% if frame.context_line %}
-    &nbsp;&nbsp;{{ frame.lineno }}. {{ frame.context_line }}<br/>
+    &nbsp;&nbsp;{{ frame.lineno }}. {{ frame.context_line|escape }}<br/>
   {% endif %}
 {% endfor %}<br/>
 &nbsp;&nbsp;{{ exception_type }} at {{ request.path|escape }}<br/>
-- 
2.11.4.GIT