GithubBackup/httprunner
1
0
Fork 0
mirror of https://github.com/httprunner/httprunner.git synced 2026-06-08 17:29:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix #155: XSS in Jinja2 rendering

Browse Source
This commit is contained in:
debugtalk
2018-04-10 10:54:47 +08:00
parent 787bf01286
commit 3882f41614
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
httprunner/__about__.py
View File

@@ -1,7 +1,7 @@
__title__ = 'HttpRunner' __title__ = 'HttpRunner'
__description__ = 'One-stop solution for HTTP(S) testing.' __description__ = 'One-stop solution for HTTP(S) testing.'
__url__ = 'https://github.com/HttpRunner/HttpRunner' __url__ = 'https://github.com/HttpRunner/HttpRunner'
__version__ = '1.3.8.beta' __version__ = '1.3.8.beta.2'
__author__ = 'debugtalk' __author__ = 'debugtalk'
__author_email__ = 'mail@debugtalk.com' __author_email__ = 'mail@debugtalk.com'
__license__ = 'MIT' __license__ = 'MIT'

4
httprunner/report.py
View File

@@ -11,7 +11,7 @@ from datetime import datetime
from httprunner import logger from httprunner import logger
from httprunner.__about__ import __version__ from httprunner.__about__ import __version__
from httprunner.compat import basestring, bytes, json, numeric_types from httprunner.compat import basestring, bytes, json, numeric_types
from jinja2 import Template from jinja2 import Template, escape
from requests.structures import CaseInsensitiveDict from requests.structures import CaseInsensitiveDict
@@ -67,7 +67,7 @@ def make_json_serializable(raw_json):
# class instance, e.g. MultipartEncoder() # class instance, e.g. MultipartEncoder()
value = repr(value) value = repr(value)
serializable_json[key] = value serializable_json[key] = escape(value)
keyorder = ["url", "method", "request_headers", "request_body", "request_time", keyorder = ["url", "method", "request_headers", "request_body", "request_time",
"status_code", "response_headers", "response_body", "status_code", "response_headers", "response_body",