boxesserver: Allow multi-line errors

Fixing potential cross-site scripting attacks in passing
2019-04-20 15:54:49 +02:00 · 2019-04-20 15:54:49 +02:00 · 18ea1a5ed4
parent e8e248994b
commit 18ea1a5ed4
1 changed files with 3 additions and 2 deletions
--- a/scripts/boxesserver
+++ b/scripts/boxesserver
@ -317,8 +317,9 @@ Create boxes and more with a laser cutter!
  <meta name="flattr:id" content="456799">
 </head>
 <body>
-<h1>An error occurred!</h1>
-<p>""", str(e).encode(), b"""</p>
+<h1>An error occurred!</h1>""",
+u"".join(u"<p>%s</p>" % cgi.escape(s) for s in type(u"")(e).split(u"\n")).encode('utf-8'),
+b"""
 </body>
 </html>
 """ ]