Browse Source

adding escape() and Markup()

pull/30/head
manetta 3 years ago
parent
commit
7db66e0f6b
  1. 8
      octomode.py

8
octomode.py

@ -5,7 +5,7 @@ from urllib.request import urlopen
from urllib.parse import urlencode from urllib.parse import urlencode
# To sanitize Flask input fields # To sanitize Flask input fields
from flask import escape from markupsafe import Markup, escape
# To sanitize Markdown input # To sanitize Markdown input
import markdown import markdown
@ -79,9 +79,9 @@ def md_to_html(md_pad_content):
# Sanitize the Markdown # Sanitize the Markdown
# html = bleach.clean(html) # html = bleach.clean(html)
# Another way to Sanitize # Another built-in Flask way to sanitize
from markupsafe import Markup html = escape(html)
html = Markup(html) # Maybe not safe enough? html = Markup(html)
return html return html

Loading…
Cancel
Save