Comment 1 for bug 979598

Interesting. I guess the cgitb module is trying to generate output that is both valid as CGI and HTML. Unfortunately I don't believe that "<!--" is a valid field name for a HTTP header, hence why IVLE rejects it (http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 states "field-name" must be a valid token and http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2 explicitly disallows the separator "<" from being a valid token). This is probably an upstream Python bug.

Despite this, not working with Python's built-in cgitb module is a pretty poor experience.

The second warning is due to cgitb module needing to be updated in the Python standard library. Looks like it's fixed in newer versions of Python, but in the meantime you can silence it using the warning module (http://docs.python.org/library/warnings.html).