Update app.py
app.py
|
@@ -22,7 +22,6 @@ import logging
|
|
| 22 |
import asyncio
|
| 23 |
from functools import lru_cache
|
| 24 |
import hashlib
|
| 25 |
-
import bleach
|
| 26 |
from concurrent.futures import ThreadPoolExecutor
|
| 27 |
|
| 28 |
# ========== CONFIGURATION ==========
|
|
@@ -148,7 +147,13 @@ def sanitize_input(text: str) -> str:
|
|
| 148 |
"""Sanitize user input to prevent XSS and injection attacks."""
|
| 149 |
if not text:
|
| 150 |
return ""
|
| 151 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 152 |
|
| 153 |
def validate_name(name: str) -> str:
|
| 154 |
"""Validate name input."""
|
|
|
|
| 22 |
import asyncio
|
| 23 |
from functools import lru_cache
|
| 24 |
import hashlib
|
|
|
|
| 25 |
from concurrent.futures import ThreadPoolExecutor
|
| 26 |
|
| 27 |
# ========== CONFIGURATION ==========
|
|
|
|
| 147 |
"""Sanitize user input to prevent XSS and injection attacks."""
|
| 148 |
if not text:
|
| 149 |
return ""
|
| 150 |
+
# Basic HTML escaping and removal of potentially dangerous characters
|
| 151 |
+
text = html.escape(text.strip())
|
| 152 |
+
# Remove any remaining HTML tags
|
| 153 |
+
text = re.sub(r'<[^>]*>', '', text)
|
| 154 |
+
# Remove potentially dangerous characters
|
| 155 |
+
text = re.sub(r'[^\w\s\-.,!?@#\$%^&*()+=]', '', text)
|
| 156 |
+
return text
|
| 157 |
|
| 158 |
def validate_name(name: str) -> str:
|
| 159 |
"""Validate name input."""
|