Escape blog article

2026-02-26 02:52:06 +01:00
parent 7ff1f6a2aa
commit 7c89dbcd4f
1 changed files with 4 additions and 4 deletions
--- a/views/blog.py
+++ b/views/blog.py
@@ -31,10 +31,10 @@ DESC_SERVER = app.config.get('DESC_SERVER')
 def new_article():
    user = '%s'% escape(session['username'])
    if request.method == 'POST':
-        title = str(request.form['title'])
-        subtitle = str(request.form['subtitle'])
-        category = str(request.form['category']) 
-        content = str(request.form['content'])
+        title = escape(request.form['title'])
+        subtitle = escape(request.form['subtitle'])
+        category = escape(request.form['category']) 
+        content = escape(request.form['content'])
        status = str(request.form['status'])
        post_date = time.strftime("%d/%m/%Y %H:%M:%S")
        if 'blog-unified' in request.form.keys():