From 63b4e7491f9757a2f3947b44d76777b0c216a39a Mon Sep 17 00:00:00 2001
From: hanfi <ccc@spahan.ch>
Date: Fri, 16 Jun 2023 08:23:18 +0200
Subject: [PATCH] input sanitation

---
 backend/utils.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/backend/utils.py b/backend/utils.py
index 58d0ebf..b247acf 100644
--- a/backend/utils.py
+++ b/backend/utils.py
@@ -1,4 +1,5 @@
 from datetime import datetime
+from html import escape
 from secrets import token_hex
 
 from cryptography.exceptions import InvalidSignature
@@ -57,10 +58,10 @@ def update_item(db: Session, item: schemas.Item, data: schemas.ItemUpdate):
     verify = ""
     if data.addressee:
         verify += data.addressee
-        item.addressee = data.addressee
+        item.addressee = escape(data.addressee)
     if data.team:
         verify += data.team
-        item.team = data.team
+        item.team = escape(data.team)
     if data.amount:
         verify += str(data.amount)
         item.amount = data.amount
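Review bot: The `verify` string is still built from the raw `data.addressee` / `data.team` while `item.addressee` / `item.team` now hold the `escape()`d form, so any later check that recomputes `verify` from the stored fields (rather than from the incoming payload) would see `&amp;`-style entities and no longer match; the rest of update_item is outside the hunk, so I cannot confirm which side it uses. Escaping at write time also bakes HTML encoding into persisted data, which double-escapes under an autoescaping template and shows literal entities to any non-HTML consumer of the same record (a JSON API, plain-text output); the more robust pattern is to store the raw value and escape at render time. If write-time escaping is intentional, add a comment on the assignment such as `# stored HTML-escaped; do not escape again when rendering` so a later maintainer does not add a second layer. Note that `amount` is assigned unescaped, which is consistent only if it is validated as numeric by the schema.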
-- 
GitLab