Fixed CVE-2017-12794 -- Fixed XSS possibility in traceback section of technical 500 debug page.

This is a security fix.

tests/view_tests/tests/test_debug.py

@@ -349,10 +349,10 @@ class ExceptionReporterTests(SimpleTestCase):
         request = self.rf.get('/test_view/')
         try:
             try:
-                raise AttributeError('Top level')
+                raise AttributeError(mark_safe('<p>Top level</p>'))
             except AttributeError as explicit:
                 try:
-                    raise ValueError('Second exception') from explicit
+                    raise ValueError(mark_safe('<p>Second exception</p>')) from explicit
                 except ValueError:
                     raise IndexError(mark_safe('<p>Final exception</p>'))
         except Exception:
@@ -366,13 +366,13 @@ class ExceptionReporterTests(SimpleTestCase):
         html = reporter.get_traceback_html()
         # Both messages are twice on page -- one rendered as html,
         # one as plain text (for pastebin)
-        self.assertEqual(2, html.count(explicit_exc.format("Top level")))
-        self.assertEqual(2, html.count(implicit_exc.format("Second exception")))
+        self.assertEqual(2, html.count(explicit_exc.format('&lt;p&gt;Top level&lt;/p&gt;')))
+        self.assertEqual(2, html.count(implicit_exc.format('&lt;p&gt;Second exception&lt;/p&gt;')))
         self.assertEqual(10, html.count('&lt;p&gt;Final exception&lt;/p&gt;'))
 
         text = reporter.get_traceback_text()
-        self.assertIn(explicit_exc.format("Top level"), text)
-        self.assertIn(implicit_exc.format("Second exception"), text)
+        self.assertIn(explicit_exc.format('<p>Top level</p>'), text)
+        self.assertIn(implicit_exc.format('<p>Second exception</p>'), text)
         self.assertEqual(3, text.count('<p>Final exception</p>'))
 
     def test_reporting_frames_without_source(self):