avoid injection attacks
Browse files
app.py
CHANGED
|
@@ -255,7 +255,8 @@ def get_html(input_text):
|
|
| 255 |
</body>
|
| 256 |
</html>
|
| 257 |
"""
|
| 258 |
-
input_text.replace("'", "")
|
|
|
|
| 259 |
inner_html = inner_html.replace("SOME_DEFAULT_VALUE", input_text)
|
| 260 |
html = f"""
|
| 261 |
<iframe srcdoc='{inner_html}' frameBorder="0" height="450" width="100%" title="Speaker" allow="autoplay; fullscreen; layout-animations; microphone" sandbox="allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-downloads"></iframe>
|
|
|
|
| 255 |
</body>
|
| 256 |
</html>
|
| 257 |
"""
|
| 258 |
+
input_text = input_text.replace("'", "")
|
| 259 |
+
input_text = input_text.replace('"', '')
|
| 260 |
inner_html = inner_html.replace("SOME_DEFAULT_VALUE", input_text)
|
| 261 |
html = f"""
|
| 262 |
<iframe srcdoc='{inner_html}' frameBorder="0" height="450" width="100%" title="Speaker" allow="autoplay; fullscreen; layout-animations; microphone" sandbox="allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-downloads"></iframe>
|