Python's official documentation contains textbook example of insecure code (XSS)
Full Disclosure mailing list archives

From: Georgi Guninski <gguninski () gmail com>
Date: Tue, 18 Feb 2025 11:46:54 +0200

Python's official documentation contains textbook example of insecure code (XSS)

Date: 2025-02-18
Author: Georgi Guninski

From the official Python 3.12 documentation on the CGI module [1]

===
form = cgi.FieldStorage()
if "name" not in form or "addr" not in form:
    print("<H1>Error</H1>")
    print("Please fill in the name and addr fields.")
    return
print("<p>name:", form["name"].value)
print("<p>addr:", form["addr"].value)
...further form processing here...
===

This is a textbook example of the Cross Site Scripting (XSS) vulnerability.
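Added example, not part of the post or of the Python documentation: the quoted pattern next to a version that passes each form value through html.escape() before writing it into the page, plus a small regression check. It assumes urllib.parse.parse_qs in place of cgi.FieldStorage (the cgi module was removed in Python 3.13); the function names and the sample request are constructed for illustration.

```python
import html
from urllib.parse import parse_qs

REQUIRED = ("name", "addr")
ERROR_PAGE = "<H1>Error</H1>\nPlease fill in the name and addr fields."

def parse_form(query_string):
    """First value of each field, comparable to form[...].value for single fields."""
    fields = parse_qs(query_string, keep_blank_values=True)
    return {key: values[0] for key, values in fields.items()}

def render_unescaped(form):
    """Mirrors the quoted snippet: request values are written into HTML as-is."""
    if any(field not in form for field in REQUIRED):
        return ERROR_PAGE
    return "\n".join(f"<p>{field}: {form[field]}" for field in REQUIRED)

def render_escaped(form):
    """Same page, but every untrusted value is HTML-escaped on output."""
    if any(field not in form for field in REQUIRED):
        return ERROR_PAGE
    return "\n".join(
        f"<p>{field}: {html.escape(form[field], quote=True)}" for field in REQUIRED
    )

def reflects_markup(page, form):
    """Heuristic regression check: True if a value that contains HTML
    metacharacters appears verbatim (unescaped) in the rendered page."""
    return any(
        value in page
        for value in form.values()
        if value != html.escape(value, quote=True)
    )

# Constructed sample request (not taken from the post).
SAMPLE_QUERY = "name=%3Cscript%3Ealert(1)%3C%2Fscript%3E&addr=1+Main+St+%26+Co"

if __name__ == "__main__":
    form = parse_form(SAMPLE_QUERY)
    for render in (render_unescaped, render_escaped):
        page = render(form)
        print(f"{render.__name__}: reflects markup = {reflects_markup(page, form)}")
        print(page)
```

html.escape() covers values placed in HTML element content or quoted attribute values; values placed inside script blocks, URLs or CSS need encoding appropriate to that context.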