From 18ea1a5ed424e4ae8564e36104db894cdacc7b59 Mon Sep 17 00:00:00 2001
From: chrysn <chrysn@fsfe.org>
Date: Sat, 20 Apr 2019 15:54:49 +0200
Subject: [PATCH] boxesserver: Allow multi-line errors

Fixing potential cross-site scripting attacks in passing
---
 scripts/boxesserver | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/scripts/boxesserver b/scripts/boxesserver
index e5a61fd..73daa9b 100755
--- a/scripts/boxesserver
+++ b/scripts/boxesserver
@@ -317,8 +317,9 @@ Create boxes and more with a laser cutter!
   <meta name="flattr:id" content="456799">
 </head>
 <body>
-<h1>An error occurred!</h1>
-<p>""", str(e).encode(), b"""</p>
+<h1>An error occurred!</h1>""",
+u"".join(u"<p>%s</p>" % cgi.escape(s) for s in type(u"")(e).split(u"\n")).encode('utf-8'),
+b"""
 </body>
 </html>
 """ ]