From 8cb32a4642666b4858847e115ed839f5bb50a9ee Mon Sep 17 00:00:00 2001 From: Mike A Date: Sat, 2 Mar 2024 20:21:14 +0100 Subject: [PATCH] Prevent HTML injection errors Resolves #42 --- menus.py | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/menus.py b/menus.py index 9840544..9afff7a 100644 --- a/menus.py +++ b/menus.py @@ -352,10 +352,15 @@ def _get_token(self): time.sleep(2) self.waiting_layout.children = [ - Window(FormattedTextControl(HTML( - '\n\n\n\n\nDone!\n\n' - f'Signed in as {self.app.user.username}#{self.app.user.discriminator}.\n\n' - )), align=WindowAlign.CENTER, wrap_lines=False) + Window( + FormattedTextControl( + HTML( + '\n\n\n\n\nDone!\n\n' + 'Signed in as {}#{}.\n\n' + ).format(self.app.user.username, self.app.user.discriminator) + ), + align=WindowAlign.CENTER, wrap_lines=False + ) ] self.update() @@ -446,10 +451,10 @@ def get_layout(self): console: str = console_and_game_id[0] game_id: str = console_and_game_id[1] - label_text = f'- {game_id} ({console.title()})' + label_text = HTML('- {} ({})').format(game_id, console.title()) else: - label_text = f'- {console_and_game_id[0]}' - game_labels.append(Label(HTML(label_text))) + label_text = HTML('- {}').format(console_and_game_id[0]) + game_labels.append(Label(label_text)) right_panel_layout = HSplit([]) if self.right_panel_state == 'Menu': @@ -467,8 +472,8 @@ def get_layout(self): Frame( Box( HSplit([ - Label(HTML(f'Name: {self.riitag_info.name}')), - Label(HTML(f'Games: {len(game_labels)}')), + Label(HTML('Name: {}').format(self.riitag_info.name)), + Label(HTML('Games: {}').format(len(game_labels))), *game_labels ]), padding_left=3, padding_top=2 ), title='RiiTag'),