Add escaping to displayed URLs

sqozz 2018-04-07 02:31:03 +02:00
parent d736965dce
commit c5adc1e3fa


@ -1,5 +1,5 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
from flask import Flask, render_template, url_for, request, redirect, abort from flask import Flask, render_template, url_for, request, redirect, abort, escape
import sqlite3, random, string, time, hashlib, base64 import sqlite3, random, string, time, hashlib, base64
from urllib.parse import urlparse from urllib.parse import urlparse
@ -21,10 +21,12 @@ def short(shortLink=""):
parsedUrl = urlparse(url) parsedUrl = urlparse(url)
if parsedUrl.scheme == "": if parsedUrl.scheme == "":
url = "http://" + url url = "http://" + url
if "resolve" in request.args: if "resolve" in request.args:
return url return escape(url)
else: else:
if noauto: if noauto:
url = escape(url)
return "<a href=" + url + ">" + url + "</a>" return "<a href=" + url + ">" + url + "</a>"
else: else:
return redirect(url, code=301) # Redirect to long URL saved in the database return redirect(url, code=301) # Redirect to long URL saved in the database
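Review bot: The `href` in `return "<a href=" + url + ">" + url + "</a>"` is left unquoted, so the added `url = escape(url)` does not fully contain a stored URL in that position: `escape` rewrites `&`, `<`, `>` and quote characters, but whitespace still ends an unquoted attribute value and the remainder is parsed as further attributes. Quote the attribute, for example `return '<a href="' + url + '">' + url + '</a>'`. Escaping also leaves the scheme untouched, and the only scheme test visible in this hunk is the empty-string check, so a non-http(s) scheme appears to reach the page as a clickable link; consider extending that check with `elif parsedUrl.scheme not in ("http", "https"): abort(400)`. The body of `short` starts above this hunk, so validation done earlier in the function is not visible here and should be confirmed.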