Sanitize HTML in notifications

Signed-off-by: Sumner Evans <me@sumnerevans.com>
2020-08-28 23:41:17 -04:00
parent 97c10c877e
commit d5b846ef97
3 changed files with 12 additions and 2 deletions
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -16,6 +16,14 @@
        ]
    },
    "default": {
+        "bleach": {
+            "hashes": [
+                "sha256:2bce3d8fab545a6528c8fa5d9f9ae8ebc85a56da365c7f85180bfe96a35ef22f",
+                "sha256:3c4c520fdb9db59ef139915a5db79f8b51bc2a7257ea0389f30c846883430a4b"
+            ],
+            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
+            "version": "==3.1.5"
+        },
        "bottle": {
            "hashes": [
                "sha256:0819b74b145a7def225c0e83b16a4d5711fde751cd92bae467a69efce720f69e",
--- a/setup.py
+++ b/setup.py
@@ -53,6 +53,7 @@ setup(
    packages=find_packages(exclude=["tests"]),
    package_data={"sublime": ["ui/app_styles.css", *package_data_files]},
    install_requires=[
+        "bleach",
        "dataclasses-json",
        "deepdiff",
        "fuzzywuzzy",
--- a/sublime/app.py
+++ b/sublime/app.py
@@ -1,3 +1,4 @@
+import bleach
 import logging
 import os
 import random
@@ -1184,9 +1185,9 @@ class SublimeMusicApp(Gtk.Application):
                    if glib_notify_exists:
                        notification_lines = []
                        if album := song.album:
-                            notification_lines.append(f"<i>{album.name}</i>")
+                            notification_lines.append(f"<i>{bleach.clean(album.name)}</i>")
                        if artist := song.artist:
-                            notification_lines.append(artist.name)
+                            notification_lines.append(bleach.clean(artist.name))
                        song_notification = Notify.Notification.new(
                            song.title, "\n".join(notification_lines),
                        )