Non-ASCII query strings make input sites sad (UnicodeDecodeError)

VERIFIED FIXED in 3.5

Status

Input
General
VERIFIED FIXED
7 years ago
7 years ago

People

(Reporter: michaelk, Assigned: michaelk)

Tracking

Details

(Assignee)

Description

7 years ago
We got lots of failmail today from an automated XSS attempt.


Traceback (most recent call last):

...
 File ".../reporter/apps/website_issues/views.py", line 131, in single_site
   request.META['QUERY_STRING'])

UnicodeDecodeError: 'ascii' codec can't decode byte 0xbc in position 14: ordinal not in range(128)


<WSGIRequest
GET:<QueryDict: {u'show_one_offs': [u'\ufffdscript\ufffdalert(\ufffdXSS\ufffd)\ufffd/script\ufffdTrue']}>,
...
'QUERY_STRING': 'show_one_offs=\xbcscript\xbealert(\xa2XSS\xa2)\xbc/script\xbeTrue',
...



Same for  

...
 File ".../reporter/apps/website_issues/views.py", line 98, in website_issues
   request.META['QUERY_STRING']
...
(Assignee)

Updated

7 years ago
Assignee: nobody → michael

Updated

7 years ago
Target Milestone: --- → 3.5
(Assignee)

Comment 1

7 years ago
Resolved fixed
https://github.com/fwenzel/reporter/commit/fcf855
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
QA verified. Thx for fixing this ... fewer fail mail for all :)
Status: RESOLVED → VERIFIED
Component: Input → General
Product: Webtools → Input
You need to log in before you can comment on or make changes to this bug.