Fix for XSS bug when searching

2026-05-16 00:25:31 +01:00 · 2015-07-04 23:53:03 -07:00
parent 4029543d51
commit e36440f834
1 changed files with 2 additions and 1 deletions
--- a/headphones/webserve.py
+++ b/headphones/webserve.py
@@ -32,6 +32,7 @@ import random
 import urllib
 import json
 import time
+import cgi
 import sys
 import os

@@ -149,7 +150,7 @@ class WebInterface(object):
            searchresults = mb.findRelease(name, limit=100)
        else:
            searchresults = mb.findSeries(name, limit=100)
-        return serve_template(templatename="searchresults.html", title='Search Results for: "' + name + '"', searchresults=searchresults, name=name, type=type)
+        return serve_template(templatename="searchresults.html", title='Search Results for: "' + cgi.escape(name) + '"', searchresults=searchresults, name=cgi.escape(name), type=type)

    @cherrypy.expose
    def addArtist(self, artistid):