
Migitate XSS attack through specially crafted RSS feed

tags/1.9.0
Leonie 2 months ago
parent
commit
910ae45c5e
1 changed files with 1 additions and 1 deletions
  1. +1
    -1
      backend.py

+ 1
- 1
backend.py

@@ -45,7 +45,7 @@ def getpodcast():
response.headers['Access-Control-Allow-Origin'] = '*'
response.content_type = "application/json"
response.set_header("Cache-Control", "public, max-age=600")
return json.dumps(feedparser.parse(q), default=lambda o: '<not serializable>')
return json.dumps(feedparser.parse(q), default=lambda o: '<not serializable>').replace("<script>", "").replace("</script>", "").replace("<iframe>", "").replace("</iframe>", "")

@get("/api/v1/getbanner/<val>")
def getbanner(val):
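Review bot: The chained `.replace()` calls on the new return line of getpodcast strip only four exact, case-sensitive literals from the serialized JSON, so they do not reliably keep feed markup out of the page: tags with attributes or different casing, event-handler attributes and other elements pass through unchanged, and deleting a substring can join the surrounding text into a new tag. A deny-list applied to the whole JSON string also silently alters legitimate feed text that happens to contain those literals. The dependable fix is in the consumer, which is not visible here: insert feed fields as text, or run HTML-bearing fields through an allow-list sanitizer, rather than rendering them as raw HTML. On this endpoint it would still help to add `response.set_header("X-Content-Type-Options", "nosniff")` so the JSON body is never sniffed as HTML. getpodcast's body starts outside the hunk, so how `q` is validated before `feedparser.parse(q)` cannot be checked from here.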

