fixed splite injektion
parent
7593bca63a
commit
5c3ebcfa29
1 changed files with 4 additions and 3 deletions
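--- a/main.py
+++ b/main.py
@@ -9,6 +9,7 @@ import sys
 import uuid
 import json
 import urllib.parse
+from markupsafe import escape
 
 db_path = 'mate.db'
 conn = sqlite3.connect(db_path, check_same_thread=False)
@@ -35,7 +36,7 @@ def exit_handler():
 #website
 @app.route("/")
 def index():
-return '<a href="/list">user and tag list</a> <p>The creator of this website accepts no liability for any linguistic or technical errors!</p><br style="line-height: 500%;"></br><a href="/documentation">Doumentation</a>'
+return '<a href="/list">user anfrom markupsafe import escaped tag list</a> <p>The creator of this website accepts no liability for any linguistic or technical errors!</p><br style="line-height: 500%;"></br><a href="/documentation">Doumentation</a>'
 
 @app.route("/list")
 def list():
@@ -44,7 +45,7 @@ def list():
 text = ""
 for i in users:
 username = urllib.parse.quote_plus(i[1])
-text = text + f'<p><a href="list/user?user={username}">{username}</a>: {i[2]} <form action="/change" method="get"><input name="id" type="hidden" value="{i[0]}"> Change balance: <input name="change"><input type="submit"></form></p> <br style="line-height: 50%;"></br>'
+text = text + f'<p><a href="list/user?user={username}">{escape(i[1])}</a>: {i[2]} <form action="/change" method="get"><input name="id" type="hidden" value="{i[0]}"> Change balance: <input name="change"><input type="submit"></form></p> <br style="line-height: 50%;"></br>'
 return '''<!DOCTYPE html>
 <html lang="en">
 <script src="https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.0.1/socket.io.js" integrity="sha512-q/dWJ3kcmjBLU4Qc47E4A9kTB4m3wuTY7vkFJDTZKjTs8jhyGQnaUrxa0Ytd0ssMZhbNua9hE+E7Qv1j+DyZwA==" crossorigin="anonymous"></script>
@@ -78,7 +79,7 @@ def user_info():
 var socket = io();
 """ + 'socket.on("update", function(){ window.location="http://matekasse.server.c3h/list/user?user=' + username + '"});' + f"""
 </script>
-<p> {user[1]} : {user[2]} <p>
+<p> {escape(user[1])} : {user[2]} <p>
 <form action="/addtag" method="get"><input name="id" type="hidden" value="{user[0]}"><button type="submit">Add Tag</button></form>
 <form action="/removetag" method="get"><input name="id" type="hidden" value="{user[0]}"><button type="submit">Remove Tag</button></form>
 </p><form action="/change" method="get"><input name="id" type="hidden" value="{user[0]}"> Change balance: <input name="change"><input type="submit"></form>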
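Review bot: In user_info() the new `escape(user[1])` covers only the HTML text node, while the unchanged line just above still concatenates `username` into the inline script (`user=' + username + '"});'`), and HTML escaping would not be the right encoding for that JavaScript string in any case. How `username` is built in user_info() lies outside the hunk, so if it is not already percent-encoded there it should be derived the way list() does it, `username = urllib.parse.quote_plus(user[1])`. Separately, the changed line in index() now renders `user anfrom markupsafe import escaped tag list`, which looks like a stray paste of the new import into the link text and should go back to `user and tag list`. The title speaks of an SQLite injection, but the visible changes only encode HTML output; whether the queries themselves use `?` placeholders cannot be seen from these hunks.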