fix: Use more strict sanitation

requirements.txt

@@ -9,4 +9,5 @@ py3dns
 passlib
 argon2-cffi
 mysql-connector-python
-beautifulsoup4
+beautifulsoup4
+html-sanitizer

sites/website.py

@@ -1,5 +1,6 @@
 from flask import Flask, make_response, redirect, render_template_string, request, jsonify, render_template, send_from_directory
 from bs4 import BeautifulSoup
+import html_sanitizer
 
 def render(data):
     if data == "":
@@ -10,7 +11,9 @@ def render(data):
         for script in soup.find_all('script'):
             script.extract()
         modified_data = str(soup)
-        return render_template_string(modified_data)
+        default_settings = dict(html_sanitizer.sanitizer.DEFAULT_SETTINGS)
+        sanitizer = html_sanitizer.Sanitizer(default_settings)        
+        return render_template_string(str(sanitizer.sanitize(modified_data)))
 
 
     except Exception as e: