From c3d027b3b5772c6d75e658510c9d5e6b2fbb160f Mon Sep 17 00:00:00 2001
From: Dobin <dobin.rutishauser@gmail.com>
Date: Wed, 21 Feb 2024 20:33:24 +0000
Subject: [PATCH] fix: broken html, escape

---
 app/views.py | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/app/views.py b/app/views.py
index 164ae48..2b9d956 100644
--- a/app/views.py
+++ b/app/views.py
@@ -1,4 +1,4 @@
-from flask import Blueprint, current_app, flash, request, redirect, url_for, render_template, send_file, make_response, session
+from flask import Blueprint, current_app, flash, request, redirect, url_for, render_template, send_file, make_response, session, escape
 from werkzeug.utils import secure_filename
 import os
 import logging
@@ -53,18 +53,14 @@ def project():
                     # skip it
                     continue
                 if '.ascii' in file:
-                    #data = data.replace(" ", "&nbsp;")
                     data = conv.convert(data, full=False)
-                    #data = data.replace("\n", "<br>")
                 if '.hex' in file:
+                    data = escape(data)
                     #data = highlight(data, HexdumpLexer(), HtmlFormatter(full=False))
-                    #data = data.replace("\n", "<br>")
-                    #data = data.replace(" ", "&nbsp;")
-                    data = data.replace("<", "&lt;")
-                    data = data.replace(">", "&gt;")
             elif '.log' in file:
-                data = data.replace("<", "&lt;")
-                data = data.replace(">", "&gt;")
+                data = escape(data)
+            else:
+                data = escape(data)
 
             entry = {
                 "name": file,