fix: Less strict sanitation
parent
7b4619cead
commit
1d1ae251b5
@ -9,5 +9,4 @@ py3dns
|
|||||||
passlib
|
passlib
|
||||||
argon2-cffi
|
argon2-cffi
|
||||||
mysql-connector-python
|
mysql-connector-python
|
||||||
beautifulsoup4
|
beautifulsoup4
|
||||||
html-sanitizer
|
|
@ -1,6 +1,6 @@
|
|||||||
from flask import Flask, make_response, redirect, render_template_string, request, jsonify, render_template, send_from_directory
|
from flask import Flask, make_response, redirect, render_template_string, request, jsonify, render_template, send_from_directory
|
||||||
from bs4 import BeautifulSoup
|
from bs4 import BeautifulSoup
|
||||||
import html_sanitizer
|
from lxml.html.clean import clean_html
|
||||||
|
|
||||||
def render(data):
|
def render(data):
|
||||||
if data == "":
|
if data == "":
|
||||||
@ -11,9 +11,8 @@ def render(data):
|
|||||||
for script in soup.find_all('script'):
|
for script in soup.find_all('script'):
|
||||||
script.extract()
|
script.extract()
|
||||||
modified_data = str(soup)
|
modified_data = str(soup)
|
||||||
default_settings = dict(html_sanitizer.sanitizer.DEFAULT_SETTINGS)
|
|
||||||
sanitizer = html_sanitizer.Sanitizer(default_settings)
|
return render_template_string(clean_html(modified_data))
|
||||||
return render_template_string(str(sanitizer.sanitize(modified_data)))
|
|
||||||
|
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
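Review bot: The cleaned string is still handed to `render_template_string` in the last hunk, so whatever survives `clean_html` is compiled as a Jinja2 template; HTML cleaning does not strip `{{ … }}` or `{% … %}`, and if `data` can originate from a user this is server-side template injection no matter which sanitiser runs first. Return the cleaned markup as a plain response body instead, e.g. `return make_response(clean_html(modified_data))` (`make_response` is already imported), or pass it as a variable to a fixed template. Separately, the lxml project itself cautions against relying on `lxml.html.clean` in security-sensitive contexts, and from lxml 5.2 the module ships in the separate `lxml_html_clean` package, which the visible part of the requirements hunk does not add; if the previous sanitiser was too strict, widening its allow-list would be safer than switching to a blocklist-style cleaner. `render`'s body starts and ends outside the hunks, so the `except` branch is not reviewed here.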