1
Fork 0
mirror of https://github.com/RYGhub/royalnet.git synced 2024-11-24 03:54:20 +00:00

Prevent injections

This commit is contained in:
Steffo 2018-06-07 11:59:15 +02:00
parent 440ee10fa5
commit d6474a2f97

View file

@ -109,7 +109,7 @@ def page_setcss():
abort(403) abort(403)
return return
css = request.form.get("css", "") css = request.form.get("css", "")
if "<style" in css: if "</style" in css:
abort(400) abort(400)
return return
if ccss is None: if ccss is None: