Commits

Kang-min Wang committed 3a6d3a1

-- main.py --
fix xss bug

-- main.html --
change timer 2=>5

Files changed (2)

 from google.appengine.ext.db import BadValueError
 import model
 import os
+import cgi
 from django.utils import simplejson
 
 
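Review bot: `cgi.escape`, imported here for the escaping in the next hunk, was deprecated in Python 3.2 and removed in 3.8 in favour of `html.escape`. It still imports on this Python 2 App Engine runtime (`google.appengine.ext.db`), but a one-line wrapper around it would keep the call sites untouched when the runtime is upgraded.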
         jWhat = self.request.get('txtWhat')
         try:
             dbJoke = model.Joke(
-                            jWhen = jWhen,
-                            jWhere = jWhere,
-                            jWho = jWho,
-                            jWhat = jWhat
+                            jWhen = cgi.escape(jWhen),
+                            jWhere = cgi.escape(jWhere),
+                            jWho = cgi.escape(jWho),
+                            jWhat = cgi.escape(jWhat)
                         ).put()
             self.redirect('/')
         except BadValueError:
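Review bot: the four `cgi.escape(...)` calls use the default `quote=False`, so `"` (and always `'`) pass through unchanged and a value rendered inside an HTML attribute is still injectable; pass `quote=True` at minimum. More fundamentally, escaping on input stores HTML-encoded text in the datastore: any non-HTML consumer (the `simplejson` import suggests a JSON view) will receive `&lt;` and `&amp;` sequences, and a template with autoescaping enabled will double-escape them. The usual fix is to keep `model.Joke(jWhen = jWhen, ...)` storing raw input and escape at output time in the template.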

templates/main.html

 function InitializeTimer()
 {
     // Set the length of the timer, in seconds
-    timeout = 2; 
+    timeout = 5; 
     secs = timeout;
     StopTheClock();
     StartTheTimer();
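Review bot: `timeout = 5;` assigns an undeclared identifier and so creates an implicit global (the same applies to `secs` below it); declare both with `var` inside `InitializeTimer()` or at file scope. The line also carries trailing whitespace. Since this timer change is unrelated to the XSS fix in `main.py`, it would be easier to review and to revert as a separate commit.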