
Commit b4b058d

authored
fix: resolve server-side cross-site scripting
1 parent c0b5f60 commit b4b058d

1 file changed

Lines changed: 2 additions & 2 deletions


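--- a/background/app/main.py
+++ b/background/app/main.py
@@ -20,7 +20,7 @@
 import json
 import os
 
-from flask import Flask, redirect, render_template, request
+from flask import Flask, redirect, render_template, request, escape
 from google.cloud import firestore
 from google.cloud import pubsub
 
@@ -61,7 +61,7 @@ def translate():
 language (form field 'lang'), by sending a PubSub message to a topic.
 """
 source_string = request.form.get("v", "")
-to_language = request.form.get("lang", "")
+to_language = escape(request.form.get("lang", ""))
 
 if source_string == "":
 return "Invalid request, you must provide a value.", 400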
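Review bot: Escaping `lang` where it is read in translate() puts an HTML-encoded `Markup` value into `to_language`, so every later use (the docstring mentions a PubSub message) gets the encoded form, while the sink that actually reflected the value is not visible in this hunk. I would keep the raw value, check it against a fixed set of supported language codes, and escape only where it is written into a response, e.g. `return "Unsupported language: {}".format(escape(to_language)), 400` (message text is a constructed example). `source_string` on the line above is still unescaped; whether it reaches an HTML response is outside the hunk and worth confirming. Separately, `flask.escape` was deprecated in Flask 2.3 and removed in 3.0, so `from markupsafe import escape` is the import that keeps working across versions. translate()'s body continues outside the hunk.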
