Prevent injections

2024-11-23 19:44:20 +00:00 · 2018-06-07 11:59:15 +02:00 · 2018-06-07 11:59:15 +02:00 · d6474a2f97
commit d6474a2f97
parent 440ee10fa5
1 changed files with 1 additions and 1 deletions
--- a/webserver.py
+++ b/webserver.py
@ -109,7 +109,7 @@ def page_setcss():
            abort(403)
            return
        css = request.form.get("css", "")
-        if "<style" in css:
+        if "</style" in css:
            abort(400)
            return
        if ccss is None: