Closed Bug 655307 Opened 13 years ago Closed 13 years ago

Non-ASCII query strings make input sites sad (UnicodeDecodeError)

Categories

(Input :: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: michaelk, Assigned: michaelk)

Details

We got lots of failmail today from an automated XSS attempt.


Traceback (most recent call last):

...
 File ".../reporter/apps/website_issues/views.py", line 131, in single_site
   request.META['QUERY_STRING'])

UnicodeDecodeError: 'ascii' codec can't decode byte 0xbc in position 14: ordinal not in range(128)


<WSGIRequest
GET:<QueryDict: {u'show_one_offs': [u'\ufffdscript\ufffdalert(\ufffdXSS\ufffd)\ufffd/script\ufffdTrue']}>,
...
'QUERY_STRING': 'show_one_offs=\xbcscript\xbealert(\xa2XSS\xa2)\xbc/script\xbeTrue',
...



Same for  

...
 File ".../reporter/apps/website_issues/views.py", line 98, in website_issues
   request.META['QUERY_STRING']
...
Assignee: nobody → michael
Target Milestone: --- → 3.5
Resolved fixed
https://github.com/fwenzel/reporter/commit/fcf855
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
QA verified. Thx for fixing this ... fewer fail mail for all :)
Status: RESOLVED → VERIFIED
Component: Input → General
Product: Webtools → Input
You need to log in before you can comment on or make changes to this bug.