From 48e98cbfc34e28a4eefc930533e8a47175ee54c1 Mon Sep 17 00:00:00 2001
From: fram3d
Date: Wed, 14 Feb 2024 00:04:00 +0100
Subject: [PATCH] add more user input santitation

---
 taskmanager/routes.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/taskmanager/routes.py b/taskmanager/routes.py
index e8aa80f..8e882b3 100644
--- a/taskmanager/routes.py
+++ b/taskmanager/routes.py
@@ -29,7 +29,7 @@ def addtask():
 username = request.form['username']
 # Input sanitation
 # Task name
- if not taskname.isprintable():
+ if not taskname.printable() or ("<" in taskname and ">" in taskname):
 return render_template('pages/response.html', response = "Task name has to be made only of letters or numbers.")
 if len(taskname) < 1 or len(taskname) > 40:
 return render_template('pages/response.html', response = "Task name lenght invalid, only smaller then 40 charachters allowed")
@@ -47,7 +47,7 @@ def addtask():
 
 # Task descripton
 if taskdesc != '':
- if not taskdesc.isprintable():
+ if not taskdesc.isprintable() or ("<" in taskdesc and ">" in taskdesc):
 return render_template('pages/response.html', response = "Task description has to be made of printable characters.")
 if len(taskdesc) > 2000:
 return render_template('pages/response.html', response = "Task description lenght invalid, only smaller then 2000 charachters allowed")
@@ -76,7 +76,7 @@ def register():
 
 # Contact
 if contact != '':
- if not contact.isprintable():
+ if not contact.isprintable() or ("<" in contact and ">" in contact):
 return render_template('pages/response.html', response = "Contact information has to be made of printable characters.")
 if len(contact) > 100:
 return render_template('pages/response.html', response = "Contact lenght invalid, only smaller then 100 charachters allowed")
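Review bot: `taskname.printable()` on the added line of the first hunk is not a `str` method (the removed line used `isprintable`), so every request reaching addtask() will raise AttributeError before any of the validation runs; restore it as `if not taskname.isprintable() or ("<" in taskname and ">" in taskname):`. The `<`/`>` blocklist added in this hunk and again in the taskdesc and contact hunks only rejects input that contains both characters, so it should be treated as defense in depth rather than as the control that prevents injected markup — the templates that display these fields should keep Jinja2 autoescaping on (Flask enables it for `.html` templates) and that escaping is what actually neutralizes stored markup. The rejection message on the task-name branch still says "only of letters or numbers", which does not describe what `isprintable()` accepts; `"Task name has to be made of printable characters."` would match the wording used by the other two hunks. addtask() and register() both start and continue outside the hunks shown.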