fix: Use more strict sanitation
This commit is contained in:
parent
3ba951fa42
commit
7b4619cead
@ -10,3 +10,4 @@ passlib
|
|||||||
argon2-cffi
|
argon2-cffi
|
||||||
mysql-connector-python
|
mysql-connector-python
|
||||||
beautifulsoup4
|
beautifulsoup4
|
||||||
|
html-sanitizer
|
@ -1,5 +1,6 @@
|
|||||||
from flask import Flask, make_response, redirect, render_template_string, request, jsonify, render_template, send_from_directory
|
from flask import Flask, make_response, redirect, render_template_string, request, jsonify, render_template, send_from_directory
|
||||||
from bs4 import BeautifulSoup
|
from bs4 import BeautifulSoup
|
||||||
|
import html_sanitizer
|
||||||
|
|
||||||
def render(data):
|
def render(data):
|
||||||
if data == "":
|
if data == "":
|
||||||
@ -10,7 +11,9 @@ def render(data):
|
|||||||
for script in soup.find_all('script'):
|
for script in soup.find_all('script'):
|
||||||
script.extract()
|
script.extract()
|
||||||
modified_data = str(soup)
|
modified_data = str(soup)
|
||||||
return render_template_string(modified_data)
|
default_settings = dict(html_sanitizer.sanitizer.DEFAULT_SETTINGS)
|
||||||
|
sanitizer = html_sanitizer.Sanitizer(default_settings)
|
||||||
|
return render_template_string(str(sanitizer.sanitize(modified_data)))
|
||||||
|
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
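Review bot: The new return line still passes the (now sanitized) content to `render_template_string`, which evaluates it as a Jinja2 template, and html-sanitizer only filters HTML tags and attributes — it leaves `{{ ... }}` / `{% ... %}` text untouched, so if `data` is request-controlled this remains a server-side template injection path that the sanitizer cannot close. Render the sanitized string as data instead of as a template: `clean = sanitizer.sanitize(modified_data)` then `return render_template_string("{{ body | safe }}", body=clean)` (or simply `return clean`, since the sanitized output is already the HTML you want to emit). Two smaller points in the same hunk: `sanitize()` already returns a `str`, so the `str(...)` wrapper is a no-op, and `dict(DEFAULT_SETTINGS)` is copied but never modified, so building a fresh `Sanitizer` on every call is equivalent to a single module-level `SANITIZER = html_sanitizer.Sanitizer()` and avoids repeating the setup per request. The `try`/`except Exception as e:` that wraps this code begins outside the hunk, so whether a sanitizer error is swallowed or reported cannot be judged here; worth confirming it does not fall back to rendering the unsanitized input.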