diff --git a/app/main.py b/app/main.py
index d903bf4..e311bb0 100644
--- a/app/main.py
+++ b/app/main.py
@@ -6,6 +6,7 @@
 # Written permission must be obtained from the author for commercial uses.
 ###########################################################################
+from flask import escape
 from Login import *
 from Article import *
 import Yaml
@@ -81,7 +82,7 @@ def mainpage():
 :return: 主界面
 '''
 if request.method == 'POST': # when we submit a form
- content = request.form['content']
+ content = escape(request.form['content'])
 f = WordFreq(content)
 lst = f.get_freq()
 # save history
diff --git a/app/user_service.py b/app/user_service.py
index 5148a60..79c7888 100644
--- a/app/user_service.py
+++ b/app/user_service.py
@@ -115,7 +115,7 @@ def userpage(username):
 user_freq_record = path_prefix + 'static/frequency/' + 'frequency_%s.pickle' % (username)
 if request.method == 'POST': # when we submit a form
- content = request.form['content']
+ content = escape(request.form['content'])
 f = WordFreq(content)
 lst = f.get_freq()
 return render_template('userpage_post.html',username=username,lst = lst, yml=Yaml.yml)
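Review bot: `from flask import escape` ties this fix to Flask releases that still re-export the helper; Flask 2.3 removed `flask.escape` (deprecated in 2.2), so on current versions this import fails at module load and the whole app stops starting. The supported spelling is `from markupsafe import escape`, which adds no new requirement because MarkupSafe is already a hard dependency of Flask. If the project pins an older Flask this works today, but a comment such as `# flask.escape is gone in Flask>=2.3; use markupsafe.escape` would save the next upgrade.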
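Review bot: Escaping the submitted text before it reaches `WordFreq(content)` changes the data the application processes rather than how it is rendered: `&`, `<`, `>`, `"` and `'` become entities, so the frequencies in `lst` are computed over tokens like `&amp;`, and from the `# save history` context the escaped form appears to be what gets persisted. Jinja2 already autoescapes variables in `.html` templates, so rendering `lst` from `render_template` is protected without this, and escaping on input then double-escapes on output (`&amp;amp;`). The more robust fix is to keep `content = request.form['content']` as raw data and instead confirm the templates that display it do not disable autoescaping with `|safe` or `Markup`; the identical change in app/user_service.py has the same issue. `mainpage` continues outside the hunk.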
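Review bot: This hunk calls `escape(...)` in app/user_service.py, but no hunk in this diff adds an import for it to that module; unless user_service.py already has the name in scope (for example through a star import), the POST branch raises NameError on the first form submission. Adding the same import main.py receives, preferably `from markupsafe import escape`, at the top of user_service.py keeps the two modules consistent. `userpage` starts before the hunk and likely continues past it.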