From 2468efe6048188622f339dea62b5210dfefd513d Mon Sep 17 00:00:00 2001
From: Yunus AYDIN
Date: Fri, 28 Mar 2025 00:22:18 +0300
Subject: [PATCH] Fix Cross Site Scripting Issue (#497)

* Update eos.py

* ruff format

* ruff format
---
 src/akkudoktoreos/core/dataabc.py | 4 ++--
 src/akkudoktoreos/server/eos.py   | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/akkudoktoreos/core/dataabc.py b/src/akkudoktoreos/core/dataabc.py
index a1d55b7..f272e3f 100644
--- a/src/akkudoktoreos/core/dataabc.py
+++ b/src/akkudoktoreos/core/dataabc.py
@@ -1224,14 +1224,14 @@ class DataImportMixin:
                     # We jump back by 1 hour
                     # Repeat the value(s) (reuse value index)
                     for i in range(interval_steps_per_hour):
-                        logger.debug(f"{i+1}: Repeat at {next_time} with index {value_index}")
+                        logger.debug(f"{i + 1}: Repeat at {next_time} with index {value_index}")
                         timestamps_with_indices.append((next_time, value_index))
                         next_time = next_time.add(seconds=interval.total_seconds())
                 else:
                     # We jump forward by 1 hour
                     # Drop the value(s)
                     logger.debug(
-                        f"{i+1}: Skip {interval_steps_per_hour} at {next_time} with index {value_index}"
+                        f"{i + 1}: Skip {interval_steps_per_hour} at {next_time} with index {value_index}"
                     )
                     value_index += interval_steps_per_hour
diff --git a/src/akkudoktoreos/server/eos.py b/src/akkudoktoreos/server/eos.py
index e9bc047..828ef30 100755
--- a/src/akkudoktoreos/server/eos.py
+++ b/src/akkudoktoreos/server/eos.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 
 import argparse
+import html
 import os
 import subprocess
 import sys
@@ -129,8 +130,8 @@ def create_error_page(
     return (
         ERROR_PAGE_TEMPLATE.replace("STATUS_CODE", status_code)
         .replace("ERROR_TITLE", error_title)
-        .replace("ERROR_MESSAGE", error_message)
-        .replace("ERROR_DETAILS", error_details)
+        .replace("ERROR_MESSAGE", html.escape(error_message))
+        .replace("ERROR_DETAILS", html.escape(error_details))
     )
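Review bot: Only two of the four values substituted into ERROR_PAGE_TEMPLATE are escaped in the create_error_page hunk; status_code and error_title are still inserted verbatim on the two unchanged lines above the new ones, so the fix holds only as long as every caller passes constants there, which is not visible from this hunk. Escaping all four is cheap and removes that dependency on callers: `ERROR_PAGE_TEMPLATE.replace("STATUS_CODE", html.escape(status_code))` and `.replace("ERROR_TITLE", html.escape(error_title))`. Note also that html.escape is correct for element content and quoted attribute values but not for a placeholder sitting inside a script block or URL; the template itself is outside this hunk, so that placement should be confirmed. A one-line docstring addition such as `All four values are HTML-escaped before substitution; the template must only use the placeholders in element or attribute contexts.` would document the contract. The signature of create_error_page starts outside the hunk.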