# -*- coding: utf-8 -*-
#
# This file is part of Invenio.
# Copyright (C) 2015-2018 CERN.
#
# Invenio is free software; you can redistribute it and/or modify it
# under the terms of the MIT License; see LICENSE file for more details.
"""Minimal Flask application example.

SPHINX-START

First install Invenio-Formatter by running:

.. code-block:: console

   $ pip install -e .[all]
   $ cd examples

Next, start the development server:

.. code-block:: console

   $ export FLASK_APP=app.py FLASK_DEBUG=1
   $ flask run

and open the example application in your browser:

.. code-block:: console

   $ open http://127.0.0.1:5000/

SPHINX-END
"""
from __future__ import absolute_import, print_function
import base64
import datetime
from os.path import dirname, join
import jinja2
from flask import Flask, render_template
from invenio_formatter import InvenioFormatter
# Create Flask application
app = Flask(__name__)

# Sanitiser allow-list: only an ``<a>`` element with an ``href`` attribute is
# permitted in user-supplied HTML. These keys are presumably read by the
# formatter's HTML-sanitising filter when a template renders ``content``;
# confirm that ``templates/index.html`` actually applies that filter.
app.config.update(
    ALLOWED_HTML_TAGS=['a'],
    ALLOWED_HTML_ATTRS={'a': ['href']},
)

InvenioFormatter(app)

# Look for templates in this example's own ``templates`` folder first, and
# only then fall back to the loader Flask installed by default.
app.jinja_loader = jinja2.ChoiceLoader([
    jinja2.FileSystemLoader(join(dirname(__file__), "templates")),
    app.jinja_loader,
])
@app.route('/', methods=['GET'])
def index():
    """Example format date.

    Renders ``index.html`` with today's date and a deliberately hostile
    ``content`` value: an ``<a>`` whose ``href`` is a ``data:`` URI carrying
    a base64-encoded script. The snippet exists to exercise the HTML
    sanitiser configured on ``app`` (``ALLOWED_HTML_TAGS`` /
    ``ALLOWED_HTML_ATTRS``). The template must pass ``content`` through
    that sanitising filter and never mark it ``safe`` unfiltered — verify
    in ``templates/index.html``.

    :returns: the rendered ``index.html`` response body.
    """
    mydate = datetime.date.today()

    # Test payload for the sanitiser; it is never executed by this view.
    payload = b"<script>alert('I will hack Invenio!')</script>"
    encoded = base64.b64encode(payload).decode('UTF-8')

    # The href uses a data: URI; presumably the sanitiser's URL-scheme
    # allow-list rejects it (TODO confirm), so the anchor should survive
    # only with the attribute stripped.
    content = "<a href='data:text/html;base64,%s'></a>" % encoded

    return render_template('index.html', mydate=mydate, content=content)