fix small javascript injection attack

requirements.txt

@@ -1 +1,2 @@
-flask
+flask
+bleach

utils/app.py

@@ -1,7 +1,14 @@
 from flask import request, redirect, session, render_template, send_from_directory, Flask, url_for
+import bleach
 
 import generate
 
+def sanitize_html(html):
+    # Allow only a limited set of tags and attributes
+    allowed_tags = ['a', 'b', 'i', 'em', 'strong']
+    allowed_attributes = {'a': ['href']}
+    return bleach.clean(html, tags=allowed_tags, attributes=allowed_attributes)
+
 app = Flask(__name__)
 
 @app.route('/', methods=['GET', 'POST'])
@@ -15,6 +22,7 @@ def index():
 @app.route('/result')
 def result():
     ip = request.args.get('ip')
+    ip = sanitize_html(ip)
     return render_template('result.j2', result=ip)
 
 @app.route('/assets/style.css')