HTML INJECTIONS!!
parent
12661e9006
commit
155d905898
1 changed files with 1 additions and 1 deletions
|
@ -21,7 +21,7 @@ try:
|
||||||
username=form["username"].value
|
username=form["username"].value
|
||||||
message=form["message"].value
|
message=form["message"].value
|
||||||
timestamp=int(time.time())
|
timestamp=int(time.time())
|
||||||
data={"name":form["title"],"markdown":message,"author":username,"date":timestamp}
|
data={"name":cgi.escape(form["title"]),"markdown":cgi.escape(message),"author":cgi.escape(username),"date":timestamp}
|
||||||
storage.append("comments-%i"%aid,data)
|
storage.append("comments-%i"%aid,data)
|
||||||
except KeyError:
|
except KeyError:
|
||||||
pass
|
pass
|
||||||
|
|
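Review bot: The new `data=` line passes `form["title"]` itself to `cgi.escape`, while the two lines above it read `.value` from the other fields; if `form` is a `cgi.FieldStorage` (its construction is not shown here), that argument is a field object rather than a string, so the call would most likely raise an exception that `except KeyError` does not catch. Use `cgi.escape(form["title"].value, True)`, and pass `True` for `quote` on the other two calls as well, because the default leaves `"` unescaped and the stored values would not be safe inside an HTML attribute. Escaping at write time also leaves comments stored before this commit unescaped and puts entities into the `markdown` source, so the rendering path should still encode on output. The `try:` block starts above the hunk.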