csd4ni3l/loginween
1
0
Fork 0
mirror of https://github.com/csd4ni3l/loginween.git synced 2026-01-01 04:23:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix change username XSS

Browse Source
This commit is contained in:
csd4ni3l
2025-10-24 18:03:16 +02:00
parent ab44901dc0
commit 7c600a2a67
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app.py
View File

@@ -166,7 +166,10 @@ def profile_external(username):
def change_username():
username = flask_login.current_user.id
new_username = request.form["new_username"]
if request.form["new_username"] != html.escape(request.form["new_username"], quote=True):
return "No XSS please"
new_username = html.escape(request.form["new_username"], quote=True)
cur = get_db().cursor()