add more user input santitation

2024-02-14 00:04:00 +01:00 · 2024-02-14 00:04:00 +01:00 · 48e98cbfc3
commit 48e98cbfc3
parent 6739e997bc
1 changed files with 3 additions and 3 deletions
--- a/taskmanager/routes.py
+++ b/taskmanager/routes.py
@ -29,7 +29,7 @@ def addtask():
        username = request.form['username']
        # Input sanitation
        # Task name
-        if not taskname.isprintable():
+        if not taskname.printable() or ("<" in taskname and ">" in taskname):
            return render_template('pages/response.html', response = "Task name has to be made only of letters or numbers.")
        if len(taskname) < 1 or len(taskname) > 40:
            return render_template('pages/response.html', response = "Task name lenght invalid, only smaller then 40 charachters allowed")
@ -47,7 +47,7 @@ def addtask():
 
        # Task descripton
        if taskdesc != '':
-            if not taskdesc.isprintable():
+            if not taskdesc.isprintable() or ("<" in taskdesc and ">" in taskdesc):
                return render_template('pages/response.html', response = "Task description has to be made of printable characters.")
            if len(taskdesc) > 2000:
                return render_template('pages/response.html', response = "Task description lenght invalid, only smaller then 2000 charachters allowed")
@ -76,7 +76,7 @@ def register():

        # Contact
        if contact != '':
-            if not contact.isprintable():
+            if not contact.isprintable() or ("<" in contact and ">" in contact):
                return render_template('pages/response.html', response = "Contact information has to be made of printable characters.")
            if len(contact) > 100:
                return render_template('pages/response.html', response = "Contact lenght invalid, only smaller then 100 charachters allowed")