Skip to content

Commit

Permalink
force error content to str() before html.escape()
Browse files Browse the repository at this point in the history
while we don't really want to have non-string values here
and particularly `None`, we should tolerate it so that this
exception handling layer does not double-fault...
  • Loading branch information
karlcz committed Sep 21, 2023
1 parent a745873 commit 997a91a
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions hatrac/rest/core.py
Original file line number Diff line number Diff line change
Expand Up @@ -148,13 +148,13 @@ def get_body(self, environ=None, scope=None):
template = self.response_templates[self.content_type]
description = self.get_description()
parts = {
"code": str(self.code),
"code": self.code,
"description": description,
"message": description, # for existing hatrac_config template feature
"title": self.title, # for our new generic templates
}
if self.content_type == 'text/html':
parts = { k: html.escape(v) for k, v in parts.items() }
parts = { k: html.escape(str(v)) for k, v in parts.items() }
return (template + '\n') % parts

def get_headers(self, environ=None, scope=None):
Expand Down

0 comments on commit 997a91a

Please sign in to comment.