Prevent Cross Site Scripting (XSS)
Closed this issue · 1 comment
Wouterkoorn commented
All file contents are placed in the HTML without anything preventing XSS.
Simple example: https://inspector.pypi.io/project/inspector-test-package/0.0.0/packages/71/9a/24c8c3286a09bd3f82e17723562493128c6dc89e8fe177b3697bd31bb524/inspector-test-package-0.0.0.tar.gz/inspector-test-package-0.0.0/inspector-test-package/__init__.py
di commented
+1. I defaulted to passing everything through |safe just to get this up and running, but this should be prevented/preventable.
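An added illustration of the two behaviours the thread contrasts (raw file contents dropped into the page versus escaped before interpolation). This is example code, not inspector's own code: the page does not show the project's templates or engine, so the snippet uses only the standard library's html.escape with a hand-rolled template string, and the file content and the marker tag in it are constructed. Jinja2 autoescape does the same escaping that render_escaped does here; marking a value |safe bypasses it, which is the behaviour render_unsafe reproduces.

```python
import html

# Constructed sample "file content" standing in for a file served by the viewer.
# The tag is a harmless marker used to show whether markup survives rendering.
SAMPLE_FILE = 'print("hello")  # <script>marker</script>\n'

# Hypothetical page template; real templates would be Jinja2 or similar.
PAGE_TEMPLATE = "<html><body><pre>{body}</pre></body></html>"


def render_unsafe(contents: str) -> str:
    """Reproduces the reported behaviour: contents interpolated without escaping
    (the equivalent of piping a template value through |safe)."""
    return PAGE_TEMPLATE.format(body=contents)


def render_escaped(contents: str) -> str:
    """Hardened variant: HTML-escape the untrusted text before it enters the page,
    which is what a template engine's autoescape would do by default."""
    return PAGE_TEMPLATE.format(body=html.escape(contents, quote=True))


def contains_active_markup(rendered: str) -> bool:
    """Crude detection check for a rendered page: is a literal <script tag still
    present, i.e. did untrusted text become markup?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    for name, renderer in (("unsafe", render_unsafe), ("escaped", render_escaped)):
        page = renderer(SAMPLE_FILE)
        print(f"{name}: active markup present = {contains_active_markup(page)}")
        print(page)
```

The escaped variant renders the marker as text (`&lt;script&gt;marker&lt;/script&gt;`), so the browser displays it inside the `<pre>` instead of executing it; the same property is what autoescape provides and what |safe discards.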