Fix Cross Site Scripting Issue (#497)

* Update eos.py * ruff format * ruff format
2025-04-19 08:55:15 +00:00 · 2025-03-28 00:22:18 +03:00 · 2025-03-28 00:22:18 +03:00 · 2468efe604
commit 2468efe604
parent 7734c9c32f
2 changed files with 5 additions and 4 deletions
--- a/src/akkudoktoreos/server/eos.py
+++ b/src/akkudoktoreos/server/eos.py
@ -1,6 +1,7 @@
 #!/usr/bin/env python3

 import argparse
+import html
 import os
 import subprocess
 import sys
@ -129,8 +130,8 @@ def create_error_page(
    return (
        ERROR_PAGE_TEMPLATE.replace("STATUS_CODE", status_code)
        .replace("ERROR_TITLE", error_title)
-        .replace("ERROR_MESSAGE", error_message)
-        .replace("ERROR_DETAILS", error_details)
+        .replace("ERROR_MESSAGE", html.escape(error_message))
+        .replace("ERROR_DETAILS", html.escape(error_details))
    )