zhangenhuai
/
EnglishPal
forked from mrlan/EnglishPal
1
0
Fork 0
Code Pull Requests 1 Activity

Escape user input first

Hui-EscapeUserInput
Lan Hui 2022-07-29 15:22:42 +08:00
parent 2c1bc98833
commit 828cef406c
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/main.py
View File

@ -6,6 +6,7 @@
# Written permission must be obtained from the author for commercial uses. # Written permission must be obtained from the author for commercial uses.
########################################################################### ###########################################################################
from flask import escape
from Login import * from Login import *
from Article import * from Article import *
import Yaml import Yaml
@ -81,7 +82,7 @@ def mainpage():
:return: 主界面 :return: 主界面
''' '''
if request.method == 'POST': # when we submit a form if request.method == 'POST': # when we submit a form
content = request.form['content'] content = escape(request.form['content'])
f = WordFreq(content) f = WordFreq(content)
lst = f.get_freq() lst = f.get_freq()
# save history # save history

2
app/user_service.py
View File

@ -115,7 +115,7 @@ def userpage(username):
user_freq_record = path_prefix + 'static/frequency/' + 'frequency_%s.pickle' % (username) user_freq_record = path_prefix + 'static/frequency/' + 'frequency_%s.pickle' % (username)
if request.method == 'POST': # when we submit a form if request.method == 'POST': # when we submit a form
content = request.form['content'] content = escape(request.form['content'])
f = WordFreq(content) f = WordFreq(content)
lst = f.get_freq() lst = f.get_freq()
return render_template('userpage_post.html',username=username,lst = lst, yml=Yaml.yml) return render_template('userpage_post.html',username=username,lst = lst, yml=Yaml.yml)