we trusted the user too much

2025-03-23 00:41:45 -05:00 · 2025-03-23 00:41:45 -05:00 · 1c13258ac0
commit 1c13258ac0
parent 6a76dc71bf
1 changed files with 2 additions and 2 deletions
--- a/utils/app.py
+++ b/utils/app.py
@ -5,7 +5,7 @@ import generate

 def sanitize_html(html):
    # Allow only a limited set of tags and attributes
-    allowed_tags = ['a', 'b', 'i', 'em', 'strong']
+    allowed_tags = []
    allowed_attributes = {'a': ['href']}
    return bleach.clean(html, tags=allowed_tags, attributes=allowed_attributes)

@ -55,4 +55,4 @@ def case():
    return render_template('casing.j2')

 if __name__ == '__main__':
-    app.run(debug=True)
+    app.run(debug=True)