From 20908f863268f43367c02c4050644d5ab4811170 Mon Sep 17 00:00:00 2001
From: JustAnotherArchivist
Date: Sat, 10 Oct 2020 22:57:03 +0000
Subject: [PATCH] Escape all the things
---
 irclog.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/irclog.py b/irclog.py
index 1c8c95f..fccf93c 100644
--- a/irclog.py
+++ b/irclog.py
@@ -747,7 +747,7 @@ class WebServer:
 self.logger.info(f'Received request {id(request)} from {request.remote!r} for {request.path!r}')
 lines = []
 for path, (channel, auth) in self._paths.items():
- lines.append(f'{"(PW) " if auth else ""}{channel} (search)')
+ lines.append(f'{"(PW) " if auth else ""}{html.escape(channel)} (search)')
 return aiohttp.web.Response(text = f'{"
".join(lines)}', content_type = 'text/html')
 def _raw_to_lines(self, f, filter = lambda dt, command, content: True):
@@ -785,7 +785,7 @@ class WebServer:
 fn = date.strftime('%Y-%m.log')
 with open(os.path.join(self.config['storage']['path'], request.match_info["path"], fn), 'r') as fp:
 lines = list(self._raw_to_lines(fp, filter = lambda ts, command, content: dateStart <= ts <= dateEnd))
- return aiohttp.web.Response(text = f'{self.logStyleTag}Previous day Next day

' + self._render_log(lines, request.match_info['path']) + '', content_type = 'text/html')
+ return aiohttp.web.Response(text = f'{self.logStyleTag}Previous day Next day

' + self._render_log(lines, request.match_info['path']) + '', content_type = 'text/html')
 async def search(self, request):
 self.logger.info(f'Received request {id(request)} from {request.remote!r} for {request.path!r}')
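Review bot: `request.match_info["path"]` is joined straight into the filesystem path in the `open(os.path.join(...))` context line, and the same value is handed to `_render_log` in the new `return` line, but nothing visible in this hunk checks it against the configured channels. Escaping the rendered output does not constrain which directory is read. The enclosing handler starts above the hunk, so the check may already exist there; if it does not, a guard such as `if request.match_info['path'] not in self._paths: raise aiohttp.web.HTTPNotFound()` placed before the `open` would keep the lookup inside the storage directory. A short comment at the `open` call naming where that validation happens would also help the next reader.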