Django -- possible XSS in traceback section of technical 500 debug page
In older versions, HTML autoescaping was disabled in a portion of the template
for the technical 500 debug page. Given the right circumstances, this allowed a
cross-site scripting attack. This vulnerability shouldn't affect most production
sites since you shouldn't run with DEBUG = True (which makes this page accessible)
in your production settings.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright