Skip to content

Commit

Permalink
Fix potential XSS vulnerability in break_long_headers template filter (
Browse files Browse the repository at this point in the history
Владислав Савченко committed Jul 5, 2024
1 parent 2da473c commit c729aa2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rest_framework/templatetags/rest_framework.py
Original file line number Diff line number Diff line change
@@ -318,5 +318,5 @@ def break_long_headers(header):
when possible (are comma separated)
"""
if len(header) > 160 and ',' in header:
header = mark_safe('<br> ' + ', <br>'.join(header.split(',')))
header = mark_safe('<br> ' + ', <br>'.join(escape(header).split(',')))
return header

0 comments on commit c729aa2

Please sign in to comment.