Escape input in bold_md filter before wrapping in Markup (stored XSS) #6
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Severity: high
Category: security
Location:
app.py:43-47Problem
bold_mdregex-substitutes then wraps inMarkup(), disabling auto-escaping. Inputs include category names sourced from imported CSV/PDF, so<script>in that data would render unescaped.Suggested fix
Escape first:
re.sub(r'\*\*(.+?)\*\*', r'<strong>\1</strong>', str(markupsafe.escape(text))).Filed by automated code review.