adding escape() and Markup()

2022-02-22 10:44:18 +01:00 · 2022-02-22 10:44:18 +01:00 · 7db66e0f6b
commit 7db66e0f6b
parent e257d5359e
1 changed files with 4 additions and 4 deletions
--- a/octomode.py
+++ b/octomode.py
@ -5,7 +5,7 @@ from urllib.request import urlopen
 from urllib.parse import urlencode

 # To sanitize Flask input fields
-from flask import escape
+from markupsafe import Markup, escape

 # To sanitize Markdown input
 import markdown
@ -79,9 +79,9 @@ def md_to_html(md_pad_content):
 	# Sanitize the Markdown
 	# html = bleach.clean(html)
 	
-	# Another way to Sanitize
-	from markupsafe import Markup
-	html = Markup(html) # Maybe not safe enough?
+	# Another built-in Flask way to sanitize
+	html = escape(html) 
+	html = Markup(html)
 	
 	return html