From 997a91a4b40249ad63c56b362104ac2f77592b00 Mon Sep 17 00:00:00 2001 From: Karl Czajkowski Date: Wed, 20 Sep 2023 19:48:44 -0700 Subject: [PATCH] force error content to str() before html.escape() while we don't really want to have non-string values here and particularly `None`, we should tolerate it so that this exception handling layer does not double-fault... --- hatrac/rest/core.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hatrac/rest/core.py b/hatrac/rest/core.py index 5173350..18c3e7c 100644 --- a/hatrac/rest/core.py +++ b/hatrac/rest/core.py @@ -148,13 +148,13 @@ def get_body(self, environ=None, scope=None): template = self.response_templates[self.content_type] description = self.get_description() parts = { - "code": str(self.code), + "code": self.code, "description": description, "message": description, # for existing hatrac_config template feature "title": self.title, # for our new generic templates } if self.content_type == 'text/html': - parts = { k: html.escape(v) for k, v in parts.items() } + parts = { k: html.escape(str(v)) for k, v in parts.items() } return (template + '\n') % parts def get_headers(self, environ=None, scope=None):