From e366d929508cbdded5d8432ca4e98d10022ab016 Mon Sep 17 00:00:00 2001
From: Alfie King
Date: Tue, 22 Apr 2025 14:20:56 +0100
Subject: [PATCH] update
---
 readme.md | 1 -
 src/main.py | 8 +++-----
 src/static/base.css | 4 ++++
 3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/readme.md b/readme.md
index a7fbe84..625dbe2 100644
--- a/readme.md
+++ b/readme.md
@@ -3,6 +3,5 @@ prismic is a simple messageboard made in python
 ## Planned features
 - [ ] user board creation
-- [ ] markdown support
 - [ ] custom profiles
 - [ ] moderation tools
\ No newline at end of file
diff --git a/src/main.py b/src/main.py
index 281310f..c65e6b2 100644
--- a/src/main.py
+++ b/src/main.py
@@ -1,13 +1,12 @@
 from flask import Flask, request, render_template, session, redirect
-import database, logging, os, hashlib, html
+import database, logging, os, hashlib
 from flask_session import Session
 # Global variables
 SYSTEMUID = None
 SYSTEMBID = None
-allowed_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%£^&()-_=+[]{};:'\",.<>?/\\|`~ "
-
+ALLOWED_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%£^&()-_=+[]{};:'\",.<>?/\\|`~ \n"
 # Configure logging
 console_log = logging.StreamHandler()
@@ -70,8 +69,7 @@ def sanitize_input(input_string):
 if not isinstance(input_string, str):
 logger.error("Input is not a string.")
 return None
- sanitized = ''.join(c for c in input_string if c in allowed_chars)
- sanitized = html.escape(sanitized)
+ sanitized = ''.join(c for c in input_string if c in ALLOWED_CHARS)
 logger.info("Sanitized input")
 return sanitized
diff --git a/src/static/base.css b/src/static/base.css
index 22fe1f3..5608950 100644
--- a/src/static/base.css
+++ b/src/static/base.css
@@ -179,4 +179,8 @@ div#nav {
 display: flex;
 gap: 10px;
 margin-top: 20px;
+}
+
+p {
+ white-space:pre;
 }
\ No newline at end of file
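Review bot: Adding `\n` to `ALLOWED_CHARS` in the first src/main.py hunk widens the single allow-list that `sanitize_input` applies to every value, so newlines are now accepted in any field routed through it, not only in post bodies. Which fields those are is not visible here; if usernames, board names or values that end up in log messages use the same function, embedded newlines permit multi-line values and misleading log entries. Keeping the single-line set as the default and deriving a second constant for post content only, for example `MULTILINE_CHARS = ALLOWED_CHARS + "\n"`, would limit the change to where it is needed. The constant also deserves a comment such as `# Allow-list for user text; contains HTML metacharacters, so output must be escaped when rendered`.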
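Review bot: With `html.escape` removed in the second src/main.py hunk, `sanitize_input` returns `<`, `>`, `&`, `"` and `'` unchanged, because all of them are in `ALLOWED_CHARS`; the character filter alone does not make the value safe to place in HTML. Protection against stored XSS now rests entirely on escaping at output, which Jinja2 applies by default to `.html` templates rendered through `render_template`, but not where a template uses `|safe`, wraps the value in `Markup`, or has autoescape disabled; those call sites are outside this diff and should be checked before merging. The function name still suggests HTML-safe output, so a docstring such as `"""Drop characters outside ALLOWED_CHARS. The result is NOT HTML-escaped; escape it at render time."""` would keep later callers from relying on it. The function starts above the hunk, so any earlier lines of its body are not visible here.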
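Review bot: `white-space:pre` on every `p` in src/static/base.css preserves the newlines that posts may now contain, but it also disables wrapping, so a single long line of user text will run past its container. `white-space: pre-wrap;` keeps the line breaks and still wraps. Scoping the rule to the element that holds post text, rather than all paragraphs, would avoid changing layout elsewhere; the selector for that element is not visible in this hunk.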