Michael Scherer of Red Hat reports:
ipsilon does not escape HTML when processing http(s) request responses, allowing to inject js code into Python exception message template.
Created ipsilon tracking bugs for this issue:
Affects: fedora-all [bug 1255176]
This issue was discovered by Michael Scherer of Red Hat.
It was found that js code could potentially be injected into Python exception message template.