From 066c3127c1e85faa0a9fa0ab63b72f430a5e83fe Mon Sep 17 00:00:00 2001
From: GerardoP
Date: Thu, 5 Nov 2020 22:06:39 -0800
Subject: [PATCH] Add code to prevent cross-site scripting attack.
---
main.py | 13 ++++---------
requirements.txt | 14 +++++++-------
2 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/main.py b/main.py
index fd03988..3707f4f 100644
--- a/main.py
+++ b/main.py
@@ -2,17 +2,16 @@ import base64
from flask import Flask, request
-from model import Message
+from model import Message
app = Flask(__name__)
+
@app.route('/', methods=['GET', 'POST'])
def home():
-
if request.method == 'POST':
m = Message(content=request.form['content'])
m.save()
-
body = """
@@ -22,21 +21,17 @@ def home():
-

Wisdom From Your Fellow Classmates

"""
-
for m in Message.select():
body += """
{}
-""".format(m.content)
-
- return body
+""".format(m.content.replace('<', '<').replace('>', '>'))
+ return body
if __name__ == "__main__":
port = int(os.environ.get("PORT", 6738))
app.run(host='0.0.0.0', port=port)
-
diff --git a/requirements.txt b/requirements.txt
index b4ca511..e84971f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
-click==6.7
-Flask==1.0.2
-itsdangerous==0.24
-Jinja2==2.10
-MarkupSafe==1.0
-peewee==3.3.4
-Werkzeug==0.14.1
+click==7.1.2
+Flask==1.1.2
+itsdangerous==1.1.0
+Jinja2==2.11.2
+MarkupSafe==1.1.1
+peewee==3.13.3
+Werkzeug==1.0.1
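Review bot: The hand-rolled `.replace()` escaping on the added `""".format(...)` line is not a complete XSS fix: it handles only `<` and `>` and leaves `&`, `"` and `'` alone, and as rendered here the replacement strings are identical to the characters being replaced (`'<'` → `'<'`), which makes the call a no-op — that may be an artifact of the page extraction decoding `&lt;`/`&gt;`, but the committed source should be checked. Use the escaper the project already pins instead: `from markupsafe import escape` at the top of the file and `""".format(escape(m.content))` here (the pinned Flask 1.1.2 also re-exports it as `flask.escape`, but that alias was dropped in later Flask releases), or the stdlib `html.escape(m.content, quote=True)`; longer term, rendering this page through a Jinja2 template via `render_template` gives autoescaping by default and removes the string-built HTML entirely. Separately, the `__main__` block calls `os.environ.get` but no `import os` appears in this diff; if line 1 of main.py is `import base64`, as the first hunk's heading suggests, running the file directly raises `NameError` — confirm against the full file. `home()` begins in the previous hunk, outside this one.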