From 7c89dbcd4f97ed0332592da3c049ef36dcf0bb9c Mon Sep 17 00:00:00 2001
From: kitoy
Date: Thu, 26 Feb 2026 02:52:06 +0100
Subject: [PATCH] Escape blog article
---
 views/blog.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/views/blog.py b/views/blog.py
index e2c00ab..c770db8 100644
--- a/views/blog.py
+++ b/views/blog.py
@@ -31,10 +31,10 @@ DESC_SERVER = app.config.get('DESC_SERVER')
 def new_article():
 user = '%s'% escape(session['username'])
 if request.method == 'POST':
- title = str(request.form['title'])
- subtitle = str(request.form['subtitle'])
- category = str(request.form['category'])
- content = str(request.form['content'])
+ title = escape(request.form['title'])
+ subtitle = escape(request.form['subtitle'])
+ category = escape(request.form['category'])
+ content = escape(request.form['content'])
 status = str(request.form['status'])
 post_date = time.strftime("%d/%m/%Y %H:%M:%S")
 if 'blog-unified' in request.form.keys():
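Review bot: `status = str(request.form['status'])` is now the only form field in this hunk that is neither escaped nor validated, so if it is ever rendered into a page it keeps the stored-XSS exposure the other four fields just lost. A status is presumably a closed set, so an allow-list fits better than escaping, e.g. `if status not in ALLOWED_STATUSES: abort(400)` (`ALLOWED_STATUSES` is a placeholder; the valid values are not visible here). Separately, escaping at write time stores entity-encoded text, so a template that autoescapes these values will double-encode them, and non-HTML consumers will receive `&lt;`-style text. If `escape` here is markupsafe's, it returns a `Markup` object rather than a plain `str`, so `str(escape(...))` would keep that type out of the storage layer, and output-side escaping in the templates remains the sturdier control. `new_article` continues past the end of the hunk, so how these values are stored and rendered cannot be confirmed from here.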