Dev mode 500 error messages do not properly escape < and > from generic bounds
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
play framework |
Fix Committed
|
Undecided
|
Unassigned |
Bug Description
If a Play! app in dev mode triggers an Exception (or compile error) with < and > in it (such as from generic bounds), they are not properly escaped, resulting in parts of the error message being interpreted and displayed differently. This seems to be because the 500 tag prints out error messages with .raw(), because the results contain embedded <strong> tags. So the code which adds the <strong> tags needs to ensure that any < and > in the rest of the error string input is escaped.
What is shown on the 500 page:
The file /app/controller
What is printed to the console:
play.exceptions
Changed in play: | |
status: | New → Fix Committed |
milestone: | none → 1.1 |