From 102ef36b8b92764181cf57414f507fd616f68570 Mon Sep 17 00:00:00 2001 From: Neil Williams Date: Sun, 16 Dec 2012 22:36:20 -0800 Subject: [PATCH] Entity-escape error response payload JSON. This fixes a minor self-XSS in the Wiki editor for config/stylesheet and should protect us against similar issues happening again in the future. Thanks to @nealpoole for the disclosure. --- r2/r2/controllers/error.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/r2/r2/controllers/error.py b/r2/r2/controllers/error.py index 0d79a71c7..fd93f5604 100644 --- a/r2/r2/controllers/error.py +++ b/r2/r2/controllers/error.py @@ -31,7 +31,7 @@ from r2.config import extensions from pylons.i18n import _ import random as rand from r2.controllers.errors import ErrorSet -from r2.lib.filters import safemarkdown, unsafe +from r2.lib.filters import safemarkdown, unsafe, websafe_json import json @@ -172,7 +172,7 @@ class ErrorController(RedditController): return c.response elif c.render_style in extensions.API_TYPES: data = request.environ.get('extra_error_data', {'error': code}) - c.response.content = json.dumps(data) + c.response.content = websafe_json(json.dumps(data)) return c.response elif takedown and code == 404: link = Link._by_fullname(takedown)