ZOPE2.13.23: escaped HTML tags in NotFound Error Page
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope 2 |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Hi,
On a vanilla ZOPE 2.13.23 install the NotFound (404) Error Page contains escaped HTML tags and is not properly displayed by the browser. Also, the traceback includes a copy of the the HTML error message (again with escaped tags).
The patch below fixes the *symptoms* for NotFound. It is however likely that other Exceptions (e.g. all that have their error messages generated by by ZPublisher.
Thank you && best regards,
Mathias
excp_hook_fmt.patch
--- eggs/Zope2-
+++ eggs/Zope2-
@@ -46,6 +46,7 @@
from Persistence import Persistent
from webdav.Resource import Resource
from webdav.xmltools import escape as xml_escape
+from zExceptions import NotFound
from zExceptions import Redirect
from zExceptions.
from zope.interface import implements
@@ -62,6 +63,9 @@
import logging
logger = logging.getLogger()
+# special case formatting for well known pre-formatted (HTML) exceptions
+PREFORMATTED_
+
class Item(Base,
@@ -235,6 +239,9 @@
+ # error message: do not escape if already formatted as HTML
+ if error_type in PREFORMATTED_
+ kwargs[
if getattr(aq_base(s), 'isDocTemp', 0):
@@ -427,6 +434,9 @@
def pretty_tb(t, v, tb, as_html=1):
+ # do dot include message itself in traceback of pre-formatted exceptions
+ if t in PREFORMATTED_
+ v = ''
tb = format_exception(t, v, tb, as_html=as_html)
tb = '\n'.join(tb)
return tb
The zope2 project on Launchpad has been archived at the request of the Zope developers (see https:/ /answers. launchpad. net/launchpad/ +question/ 683589 and https:/ /answers. launchpad. net/launchpad/ +question/ 685285). If this bug is still relevant, please refile it at https:/ /github. com/zopefoundat ion/zope2.