From ebca98caf26fdd10a6c270456ebaccb6c36a9930 Mon Sep 17 00:00:00 2001
From: matteoVT
Date: Thu, 11 Feb 2021 20:11:46 -0800
Subject: [PATCH] Dealing with xss. Updated reqs (MarkupSafe==1.0 does not work anymore, needs 1.1.1). xss dealt with by formatting html.escape characters
---
 main.py | 3 ++-
 requirements.txt | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/main.py b/main.py
index fd03988..92ee2dc 100644
--- a/main.py
+++ b/main.py
@@ -1,5 +1,6 @@
 import os
 import base64
+import html
 from flask import Flask, request
 from model import Message
@@ -31,7 +32,7 @@ def home():
{}
-""".format(m.content)
+""".format(html.escape(m.content))
     return body
diff --git a/requirements.txt b/requirements.txt
index b4ca511..7ff63ed 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,6 +2,6 @@ click==6.7
 Flask==1.0.2
 itsdangerous==0.24
 Jinja2==2.10
-MarkupSafe==1.0
+MarkupSafe==1.1.1
 peewee==3.3.4
 Werkzeug==0.14.1
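Review bot: `html.escape(m.content)` on the `+` line is a correct fix only if the `{}` placeholder sits in HTML text content or inside a quoted attribute value; the template lines between `def home():` and `{}` are not visible in this rendering of the hunk, and if the placeholder is inside a `<script>` block, an `href`/`src` attribute or an unquoted attribute, entity-encoding `&<>"'` does not neutralise the injection. Since Flask and Jinja2 are already pinned in requirements.txt, the more robust form of the same change is to stop assembling the page with `str.format` and render it through Jinja2, e.g. `from flask import Flask, request, render_template_string` and `return render_template_string(PAGE, message=m)` with `{{ message.content }}` in the template, so autoescaping covers every interpolated field rather than the one this commit remembered. `html.escape` also raises `AttributeError` if `content` can be `None`, which depends on the `Message` model not shown here. `home()` starts before this hunk.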