CodeMirror/ArchiveBox
1
0
Fork 0
mirror of synced 2024-06-23 08:30:29 +12:00
Code Issues Projects Releases Wiki Activity

Update archivebox/index/html.py

Browse source 
mark_safe is dangerous, as the URL's filename could have malicious HTML fragments in it.

Co-authored-by: Nick Sweeting <git@sweeting.me>
This commit is contained in:
Preston Maness 2021-01-25 20:47:57 -06:00 committed by GitHub
parent 1989275944
commit b647581115
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
archivebox/index/html.py
View file

@ -161,4 +161,4 @@ def snapshot_icons(snapshot) -> str:
output += '<a href="{}" class="exists-{}" title="{}">{}</a> '.format(canon["archive_org_path"], str(exists),
"archive_org", icons.get("archive_org", "?"))
return format_html('<span class="files-icons" style="font-size: 1.1em; opacity: 0.8">{}<span>', mark_safe(output))
return format_html('<span class="files-icons" style="font-size: 1.1em; opacity: 0.8">{}<span>', output)