fix: Less strict sanitation

Nathan Woodburn 2023-11-08 23:07:53 +11:00
parent 7b4619cead
commit 1d1ae251b5
Signed by: nathanwoodburn
GPG Key ID: 203B000478AD0EF1
2 changed files with 4 additions and 6 deletions


@ -10,4 +10,3 @@ passlib
argon2-cffi argon2-cffi
mysql-connector-python mysql-connector-python
beautifulsoup4 beautifulsoup4
html-sanitizer


@ -1,6 +1,6 @@
from flask import Flask, make_response, redirect, render_template_string, request, jsonify, render_template, send_from_directory from flask import Flask, make_response, redirect, render_template_string, request, jsonify, render_template, send_from_directory
from bs4 import BeautifulSoup from bs4 import BeautifulSoup
import html_sanitizer from lxml.html.clean import clean_html
def render(data): def render(data):
if data == "": if data == "":
@ -11,9 +11,8 @@ def render(data):
for script in soup.find_all('script'): for script in soup.find_all('script'):
script.extract() script.extract()
modified_data = str(soup) modified_data = str(soup)
default_settings = dict(html_sanitizer.sanitizer.DEFAULT_SETTINGS)
sanitizer = html_sanitizer.Sanitizer(default_settings) return render_template_string(clean_html(modified_data))
return render_template_string(str(sanitizer.sanitize(modified_data)))
except Exception as e: except Exception as e: