This PR will close #146 by sanitizing all user inputs and encoding user-controlled data that is output in HTTP responses
Describe your changes
Sanitization of User Inputs:
Implemented bleach.clean() to sanitize all user inputs across the application. This removes potentially malicious scripts from the inputs before they are processed or stored. All form inputs, including the login and password change forms, now pass through bleach.clean() before processing. Query parameters are sanitized where they are used in the application logic.
Encoding of User-Controlled Data in Templates:
Utilized the | escape Jinja2 filter in our HTML templates to ensure that any user-controlled data is safely encoded before being rendered in the browser.
Applied escape() function in conjunction with Flask's flash() messages to encode feedback messages before they are displayed to the user.
Non-obvious technical information
The | escape Jinja2 filter is redundant; the template does this by default, so we can remove it if we feel it is unnecessary.
Checklist before requesting a review
[X] pre-commit run --all-files (run before pushing)
[X] pytest if applicable
[X] Link issue
[X] Update relevant documentation if applicable: doc strings, readme, poetry.