From d5b846ef97b0025ebc14234446edcd2725e5fd4c Mon Sep 17 00:00:00 2001
From: David Florness
Date: Fri, 28 Aug 2020 23:41:17 -0400
Subject: [PATCH] Sanitize HTML in notifications

Signed-off-by: Sumner Evans
---
 Pipfile.lock | 8 ++++++++
 setup.py | 1 +
 sublime/app.py | 5 +++--
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/Pipfile.lock b/Pipfile.lock
index 7881858..50fb86f 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -16,6 +16,14 @@
 ]
 },
 "default": {
+ "bleach": {
+ "hashes": [
+ "sha256:2bce3d8fab545a6528c8fa5d9f9ae8ebc85a56da365c7f85180bfe96a35ef22f",
+ "sha256:3c4c520fdb9db59ef139915a5db79f8b51bc2a7257ea0389f30c846883430a4b"
+ ],
+ "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
+ "version": "==3.1.5"
+ },
 "bottle": {
 "hashes": [
 "sha256:0819b74b145a7def225c0e83b16a4d5711fde751cd92bae467a69efce720f69e",
diff --git a/setup.py b/setup.py
index 79af221..9ad0740 100644
--- a/setup.py
+++ b/setup.py
@@ -53,6 +53,7 @@ setup(
 packages=find_packages(exclude=["tests"]),
 package_data={"sublime": ["ui/app_styles.css", *package_data_files]},
 install_requires=[
+ "bleach",
 "dataclasses-json",
 "deepdiff",
 "fuzzywuzzy",
diff --git a/sublime/app.py b/sublime/app.py
index c398fef..7f5af1d 100644
--- a/sublime/app.py
+++ b/sublime/app.py
@@ -1,3 +1,4 @@
+import bleach
 import logging
 import os
 import random
@@ -1184,9 +1185,9 @@ class SublimeMusicApp(Gtk.Application):
 if glib_notify_exists:
 notification_lines = []
 if album := song.album:
- notification_lines.append(f"{album.name}")
+ notification_lines.append(f"{bleach.clean(album.name)}")
 if artist := song.artist:
- notification_lines.append(artist.name)
+ notification_lines.append(bleach.clean(artist.name))
 song_notification = Notify.Notification.new(
 song.title, "\n".join(notification_lines),
 )
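Review bot: `import bleach` is a third-party import placed above the standard-library imports `logging`, `os` and `random` at the top of sublime/app.py; PEP 8 puts standard-library imports first and third-party ones in a separate group after them. Moving it next to the file's other third-party imports (not visible in this hunk) keeps import-order linters quiet and makes the new dependency easier to spot in review.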
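Review bot: `bleach.clean(album.name)` and `bleach.clean(artist.name)` run with bleach's default allow-list, which keeps tags such as `<a href>`, `<b>` and `<i>`, so markup embedded in album or artist metadata would still be rendered by a notification server that supports body markup. These fields are plain text, so escaping everything is the safer form: `notification_lines.append(bleach.clean(album.name, tags=[], attributes={}))`, or the standard library's `html.escape(album.name)`, and the same for `artist.name`; the f-string wrapper around the album call is then unnecessary. `bleach.clean` also raises `TypeError` for a non-string argument, so if `name` can be `None` (not visible here) the album line now raises where the old f-string rendered it. The enclosing method starts and ends outside the hunk.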