From eb2c5797cb756ea32a623a15e2e29878321d5316 Mon Sep 17 00:00:00 2001 From: Elijah Steres Date: Wed, 6 Jan 2021 14:14:19 -0500 Subject: [PATCH] Fix js injection vulnerability --- templates/game_box.html | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/templates/game_box.html b/templates/game_box.html index c4d1d1d..d94ac25 100644 --- a/templates/game_box.html +++ b/templates/game_box.html @@ -5,18 +5,18 @@ src={% if state.bases[number] %}"/static/img/base_filled.png" alt="{{state.bases {% if number <= state.outs %}/static/img/out_out.png{% else %}/static/img/out_in.png{% endif %} {%- endmacro %}
-
Inning: {% if state.display_top_of_inning == true %}🔼{% else %}🔽{% endif %} {{ state.display_inning }}/{{ state.max_innings }}
-
{{ state.title }}
-
{{ state.weather_emoji }} {{ state.weather_text }}
+
Inning: {% if state.display_top_of_inning == true %}🔼{% else %}🔽{% endif %} {{ state.display_inning | escape }}/{{ state.max_innings | escape }}
+
{{ state.title | escape }}
+
{{ state.weather_emoji | escape }} {{ state.weather_text | escape }}
-
{{ state.away_name }}
+
{{ state.away_name | escape }}
{{ state.away_score }}
-
{{ state.home_name }}
+
{{ state.home_name | escape }}
{{ state.home_score }}
@@ -38,16 +38,16 @@ src={% if state.bases[number] %}"/static/img/base_filled.png" alt="{{state.bases
PITCHER
-
{{ state.pitcher }}
+
{{ state.pitcher | escape }}
BATTER
-
{{ state.batter }}
+
{{ state.batter | escape }}
-
{{ state.update_emoji }}
-
{{ state.update_text }}
+
{{ state.update_emoji | escape }}
+
{{ state.update_text | escape }}
-
{% if state.display_top_of_inning == true %}{{ state.away_name }}{% else %}{{ state.home_name }}{% endif %} batting.
-
{{ state.leagueoruser }} (share)
+
{% if state.display_top_of_inning == true %}{{ state.away_name | escape }}{% else %}{{ state.home_name | escape }}{% endif %} batting.
+
{{ state.leagueoruser | escape }} (share)
\ No newline at end of file