Merge pull request 'Hui-EscapeUserInput' (#53) from Hui-EscapeUserInput into master

Reviewed-on: http://121.4.94.30:3000/mrlan/EnglishPal/pulls/53
mrlan 2022-07-29 16:20:01 +08:00
commit 7663dfb8f4
3 changed files with 5 additions and 4 deletions


@ -6,6 +6,7 @@
# Written permission must be obtained from the author for commercial uses. # Written permission must be obtained from the author for commercial uses.
########################################################################### ###########################################################################
from flask import escape
from Login import * from Login import *
from Article import * from Article import *
import Yaml import Yaml
@ -81,7 +82,7 @@ def mainpage():
:return: 主界面 :return: 主界面
''' '''
if request.method == 'POST': # when we submit a form if request.method == 'POST': # when we submit a form
content = request.form['content'] content = escape(request.form['content'])
f = WordFreq(content) f = WordFreq(content)
lst = f.get_freq() lst = f.get_freq()
# save history # save history
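Review bot: `content = escape(request.form['content'])` in `mainpage()` encodes the text on input, before `WordFreq` tokenises it, so the frequency list is computed over entity-encoded text (`&` becomes `&amp;`, `'` becomes `&#39;`) rather than what the user typed; the identical line in the `userpage()` hunk of the third file has the same problem. Escaping belongs at the output boundary: keep `content = request.form['content']` and rely on Jinja autoescaping in the templates, calling `escape()` only where a string is concatenated into HTML by hand. `escape()` also returns a `Markup` object, which autoescaping does not encode again, so whether the rendered words end up single- or double-encoded depends on how `WordFreq` handles the string, which is not visible here. Separately, `from flask import escape` was deprecated in Flask 2.3 and removed in 3.0; `from markupsafe import escape` is the stable import. Both function bodies continue outside their hunks.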


@ -30,7 +30,7 @@
: :
<a href='http://youdao.com/w/eng/{{word}}/#keyfrom=dict2.index' title={{word}}>{{word}}</a> <a href='http://youdao.com/w/eng/{{word}}/#keyfrom=dict2.index' title={{word}}>{{word}}</a>
({{x[1]}}) ({{x[1]}})
<input type="checkbox" name="marked" value={{word}}> <input type="checkbox" name="marked" value="{{word}}">
</p> </p>
{% endfor %} {% endfor %}
@ -42,4 +42,4 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
</body> </body>
</html> </html>
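Review bot: The `title={{word}}` attribute on the anchor two lines above the changed checkbox is still unquoted, so the quoting fix applied to `value="{{word}}"` is incomplete. Autoescaping does not encode whitespace, and in an unquoted attribute a value containing a space ends the attribute and the rest is parsed as additional attributes; quote it the same way, `title="{{word}}"`. The word is also interpolated into the URL path of the `href`, where `{{word|urlencode}}` would keep characters such as `/`, `?` and `#` from changing the link target. With every attribute quoted and autoescaping on, the template is the right place for this defence and no escaping at input time is needed.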


@ -115,7 +115,7 @@ def userpage(username):
user_freq_record = path_prefix + 'static/frequency/' + 'frequency_%s.pickle' % (username) user_freq_record = path_prefix + 'static/frequency/' + 'frequency_%s.pickle' % (username)
if request.method == 'POST': # when we submit a form if request.method == 'POST': # when we submit a form
content = request.form['content'] content = escape(request.form['content'])
f = WordFreq(content) f = WordFreq(content)
lst = f.get_freq() lst = f.get_freq()
return render_template('userpage_post.html',username=username,lst = lst, yml=Yaml.yml) return render_template('userpage_post.html',username=username,lst = lst, yml=Yaml.yml)