fix: Use more strict sanitation

2023-11-08 23:04:21 +11:00 · 2023-11-08 23:04:21 +11:00 · 7b4619cead
commit 7b4619cead
parent 3ba951fa42
2 changed files with 6 additions and 2 deletions
--- a/requirements.txt
+++ b/requirements.txt
@ -9,4 +9,5 @@ py3dns
 passlib
 argon2-cffi
 mysql-connector-python
-beautifulsoup4
+beautifulsoup4
 html-sanitizer
--- a/sites/website.py
+++ b/sites/website.py
@ -1,5 +1,6 @@
 from flask import Flask, make_response, redirect, render_template_string, request, jsonify, render_template, send_from_directory
 from bs4 import BeautifulSoup
 import html_sanitizer
 def render(data):
    if data == "":
@ -10,7 +11,9 @@ def render(data):
        for script in soup.find_all('script'):
            script.extract()
        modified_data = str(soup)
-        return render_template_string(modified_data)
+        default_settings = dict(html_sanitizer.sanitizer.DEFAULT_SETTINGS)
        sanitizer = html_sanitizer.Sanitizer(default_settings)        
        return render_template_string(str(sanitizer.sanitize(modified_data)))
    except Exception as e: