fix: Use more strict sanitation

This commit is contained in:
Nathan Woodburn 2023-11-08 23:04:21 +11:00
parent 3ba951fa42
commit 7b4619cead
Signed by: nathanwoodburn
GPG Key ID: 203B000478AD0EF1
2 changed files with 6 additions and 2 deletions


@ -10,3 +10,4 @@ passlib
argon2-cffi argon2-cffi
mysql-connector-python mysql-connector-python
beautifulsoup4 beautifulsoup4
html-sanitizer
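Review bot: The `html-sanitizer` entry added at the end of this hunk carries no version constraint, so the sanitizer that the Docker images install can change on any rebuild with no change to this repository, and this package is now the control that decides what HTML reaches render_template_string. Pinning it, e.g. `html-sanitizer==<version actually tested>`, or at least a lower bound, keeps the escaping behaviour reproducible; the other entries visible here are unpinned too, so this may be the project's convention, but it matters most for the security-relevant dependency. The rendered page does not show this file's path, so the note is tied to the requirements file this hunk belongs to.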


@ -1,5 +1,6 @@
from flask import Flask, make_response, redirect, render_template_string, request, jsonify, render_template, send_from_directory from flask import Flask, make_response, redirect, render_template_string, request, jsonify, render_template, send_from_directory
from bs4 import BeautifulSoup from bs4 import BeautifulSoup
import html_sanitizer
def render(data): def render(data):
if data == "": if data == "":
@ -10,7 +11,9 @@ def render(data):
for script in soup.find_all('script'): for script in soup.find_all('script'):
script.extract() script.extract()
modified_data = str(soup) modified_data = str(soup)
return render_template_string(modified_data) default_settings = dict(html_sanitizer.sanitizer.DEFAULT_SETTINGS)
sanitizer = html_sanitizer.Sanitizer(default_settings)
return render_template_string(str(sanitizer.sanitize(modified_data)))
except Exception as e: except Exception as e: