Patch de faille XSS et mise aux normes W3C

This commit is contained in:
Rick 2020-09-27 12:17:06 +02:00
parent 234b79f218
commit 0b8aa84ddb
Signed by: Rick
GPG key ID: 9570A7DB7CB2F436
3 changed files with 13 additions and 28 deletions

app.py

@ -1,4 +1,4 @@
from flask import Flask, render_template, request, redirect, url_for from flask import Flask, render_template, request, redirect, url_for, make_response
from os import path from os import path
from bs4 import BeautifulSoup from bs4 import BeautifulSoup
@ -7,7 +7,9 @@ app.config['TEMPLATES_AUTO_RELOAD'] = True
@app.route('/') @app.route('/')
def slash(): def slash():
return render_template("index.html") response = make_response(render_template("index.html"))
response.headers["Content-Security-Policy"] = "default-src 'self'"
return response
@app.route("/ajout") @app.route("/ajout")
def ajout(): def ajout():
@ -25,15 +27,16 @@ def bizutage():
desc = request.values['desc'] desc = request.values['desc']
nouvLien = "<div class=\"elem\"><h2>{}</h2><p><a href=\"{}\">Lien</a></p><hr><p>{}</p>".format(titre, lien, desc) nouvLien = "<div class=\"elem\"><h2>{}</h2><p><a href=\"{}\">Lien</a></p><hr><p>{}</p>".format(titre, lien, desc)
nouvLienHtml = BeautifulSoup(nouvLien, "html.parser") nouvLienHtml = BeautifulSoup(nouvLien, "html.parser")
with open("templates/index.html", 'r') as file: with open("templates/index.html", 'r') as file:
soup = BeautifulSoup(file, 'html.parser') soup = BeautifulSoup(file, 'html.parser')
soup.find("hr").append(nouvLienHtml) soup.find("hr").insert_after("", nouvLienHtml)
with open("templates/index.html", 'w') as file: with open("templates/index.html", 'w') as file:
file.write(soup.prettify()) file.write(soup.prettify())
with open("lite/index.html", 'r') as file: with open("lite/index.html", 'r') as file:
soup = BeautifulSoup(file, 'html.parser') soup = BeautifulSoup(file, 'html.parser')
soup.find("hr").append(nouvLienHtml) soup.find("hr").insert_after("", nouvLienHtml)
with open("lite/index.html", 'w') as file: with open("lite/index.html", 'w') as file:
file.write(soup.prettify()) file.write(soup.prettify())
else: else:
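Review bot: The stored XSS the commit title refers to is still present on the new side: `desc` (and `titre`/`lien`, assigned just above the hunk) are dropped into `nouvLien` through `.format()` with no escaping, parsed as markup by BeautifulSoup and written into `templates/index.html`, so arbitrary tags and a `javascript:` `href` persist for every visitor; the `Content-Security-Policy` added in `slash()` only restricts script execution on `/`, not on other routes or on `lite/index.html`, and does nothing against markup injection. Because that file is then served through `render_template` (with `TEMPLATES_AUTO_RELOAD` on), any `{{ … }}` or `{% … %}` a user submits is evaluated by Jinja2 on the server, so this is also a template-injection sink that HTML-escaping alone does not close — the durable fix is to keep entries in a data file and render them from a template loop with autoescape instead of rewriting the template on disk. As a minimum inside this hunk, build the element with the tag API so the values become text nodes and attribute values, and reject non-http(s) links; `bizutage()` starts before the hunk and its `else:` branch continues after it. The `""` passed as the first argument to `insert_after` only inserts an empty text node ahead of the element and can be dropped.
```python
    desc = request.values['desc']
    # Only plain web links: a javascript:/data: href is a click-to-run payload.
    if not lien.lower().startswith(("http://", "https://")):
        return redirect(url_for("ajout"))  # or whatever the else: branch does
    # Build the entry through the tag API: values become text nodes and
    # attribute values, so <, >, & and quotes are escaped on output.
    nouvLienHtml = BeautifulSoup("", "html.parser")
    elem = nouvLienHtml.new_tag("div", attrs={"class": "elem"})
    h2 = nouvLienHtml.new_tag("h2")
    h2.string = titre
    p_lien = nouvLienHtml.new_tag("p")
    a = nouvLienHtml.new_tag("a", href=lien)
    a.string = "Lien"
    p_lien.append(a)
    p_desc = nouvLienHtml.new_tag("p")
    p_desc.string = desc
    for child in (h2, p_lien, nouvLienHtml.new_tag("hr"), p_desc):
        elem.append(child)
    nouvLienHtml.append(elem)
    # … unchanged: read/insert_after(nouvLienHtml)/write for templates/index.html and lite/index.html …
```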


@ -4,36 +4,21 @@
<meta charset="UTF-8"> <meta charset="UTF-8">
<link rel="stylesheet" href="styles/index.css"> <link rel="stylesheet" href="styles/index.css">
<link rel="stylesheet" href="styles/base.css"> <link rel="stylesheet" href="styles/base.css">
<title>Document</title> <title>Partage de liens</title>
</head> </head>
<body> <body>
<div id="menu"> <div id="menu">
<h1>Liens</h1> <h1>Liens</h1>
<header> <header>
<!-- <a href="recherche/">Recherche</a> -->
<a href="ajout.html">Ajout</a> <a href="ajout.html">Ajout</a>
<a href="apropos.html">A propos</a> <a href="apropos.html">A propos</a>
</header> </header>
</div> </div>
<hr> <hr>
<!-- <div id="categories">
<ul>
<li><p>Informatique</p></li>
<li><p>Opsec</p></li>
<li><p>Tutoriel</p></li>
</ul>
</div> -->
<div class="elem"> <footer>
<h2>Titre</h2>
<p>Lien</p>
<hr> <hr>
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed dui eros, molestie vitae dui in, porta volutpat augue. Donec fermentum efficitur ligula, ut facilisis metus ornare a. Vestibulum tempus tincidunt elit, in mattis tellus rutrum facilisis. Phasellus tempor tempus magna, quis vehicula libero commodo a. Nulla eget est euismod, aliquam est vitae, tempor enim. Etiam tincidunt cursus massa et rhoncus. Nunc ut justo mattis, dapibus diam et, viverra magna. Nulla commodo luctus lectus vitae elementum. Cras ullamcorper eu velit ut varius. Nam dictum ante ex, luctus tempor dolor scelerisque sed. Vestibulum malesuada sodales eros vel imperdiet. Cras placerat libero metus, sed mollis augue mattis vitae. Pellentesque sed quam et ligula vestibulum gravida vel vitae tortor. Proin iaculis libero a vulputate rutrum. Proin ornare bibendum tellus, sed fringilla ex posuere vitae. Ut sed lorem vel neque tempor placerat. </p> Version Alpha
<p>Tags:</p> </footer>
<ul>
<li> Opsec </li>
<li> Informatique </li>
</ul>
</div>
</body> </body>
</html> </html>
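Review bot: Both the menu separator (the `<hr>` right after the `#menu` div) and the new `<footer>` now contain an `<hr>`, and `app.py` finds the insertion point with `soup.find("hr")`, i.e. the first one in document order, so reordering this markup would silently start inserting entries inside the footer; a comment on the first `<hr>` protects that coupling: `<!-- app.py inserts new entries after this <hr>; it must remain the first <hr> in the document -->`. The file name is not shown in this section; it appears to be `templates/index.html`, and since `app.py` rewrites `lite/index.html` the same way, the comment belongs in both copies.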


@ -15,15 +15,12 @@
</header> </header>
</div> </div>
<hr> <hr>
<p> <p>Site en alpha. Futurs ajouts :</p>
Site en alpha. Futurs ajouts :
<ul> <ul>
<li>Tags</li> <li>Tags</li>
<li>Recherche</li> <li>Recherche</li>
</ul> </ul>
<p>Vous pouvez me proposer des ajouts en ouvrant un ticket sur le git ou en envoyant un mail à <code>rick &#60;AT&#62; gnous &#60;dot&#62; eu</code>.</p>
Vous pouvez me proposer des ajouts en ouvrant un ticket sur le git ou en envoyant un mail à <code>rick &#60;AT&#62; gnous &#60;dot&#62; eu</code>.
</p>
<p> Ce site est conçu pour réunir des liens de manière efficace afin de retrouver ou de stocker facilement une url.</p> <p> Ce site est conçu pour réunir des liens de manière efficace afin de retrouver ou de stocker facilement une url.</p>