1
0
Fork 0
forked from bton/matekasse

fixed splite injektion

This commit is contained in:
2000-Trek 2023-06-21 22:24:19 +02:00
parent 638694e88e
commit 7593bca63a

View file

@ -44,7 +44,7 @@ def list():
text = ""
for i in users:
username = urllib.parse.quote_plus(i[1])
text = text + f'<p><a href="list/user?user={username}">{i[1]}</a>: {i[2]} <form action="/change" method="get"><input name="id" type="hidden" value="{i[0]}"> Change balance: <input name="change"><input type="submit"></form></p> <br style="line-height: 50%;"></br>'
text = text + f'<p><a href="list/user?user={username}">{username}</a>: {i[2]} <form action="/change" method="get"><input name="id" type="hidden" value="{i[0]}"> Change balance: <input name="change"><input type="submit"></form></p> <br style="line-height: 50%;"></br>'
return '''<!DOCTYPE html>
<html lang="en">
<script src="https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.0.1/socket.io.js" integrity="sha512-q/dWJ3kcmjBLU4Qc47E4A9kTB4m3wuTY7vkFJDTZKjTs8jhyGQnaUrxa0Ytd0ssMZhbNua9hE+E7Qv1j+DyZwA==" crossorigin="anonymous"></script>