Description of problem: If a website developed by python-flask run in debug mode,can be XSS by triggering an error。 Version-Release number of selected component (if applicable): <= 0.11.1 How reproducible: Steps to Reproduce: 1.For example,code: from flask import Flask, request app = Flask(__name__) @app.route("/xss-debug-test/", methods=['POST']) def xss_debug_test(): id = int(request.form['id']) return "Hello World!" if __name__ == "__main__": app.run(debug=True) 2.if the hacker posted "id=1</textarea><script>alert(/XSS/)</script>",the JavaScript in payload will be run in client. Actual results: Expected results: Additional info:
*** This bug has been marked as a duplicate of bug 1366844 ***