HTML-escape logs on web page.

2025-04-25 20:41:19 -05:00 · 2021-06-29 04:56:04 +02:00 · 2021-06-29 04:56:04 +02:00 · 980d067bf3
commit 980d067bf3
parent 7de2ddf161
1 changed files with 2 additions and 1 deletions
--- a/server.py
+++ b/server.py
@ -181,7 +181,8 @@ class MyHandler(http.server.BaseHTTPRequestHandler):
 								body.append('<ul>')
 								for line in log.split('\n'):
 									if line != '':
-										body.append('<li>%s</li>' % line)
+										body.append('<li>%s</li>' % line.replace(
+											'&','&amp;').replace('<','&lt;').replace('>','&gt;').replace('"','&quot;'))
 								body.append('</ul>')
 					c.execute("""SELECT oper,at,comment FROM comments WHERE ban_id=?""",(id,))
 					r = c.fetchall()