From 9cbd2280cfcd9b07c2db3709922933c917e198b8 Mon Sep 17 00:00:00 2001
From: Mark L Taylor
Date: Sun, 2 May 2021 11:07:31 -0700
Subject: [PATCH 1/2] Updated MarkupSafe to 1.1

---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index b4ca511..77d8058 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,6 +2,6 @@ click==6.7
 Flask==1.0.2
 itsdangerous==0.24
 Jinja2==2.10
-MarkupSafe==1.0
+MarkupSafe==1.1
 peewee==3.3.4
 Werkzeug==0.14.1

From ca5047ab9bd9df09fe5f1330a8641f63b76c5316 Mon Sep 17 00:00:00 2001
From: Mark L Taylor
Date: Sun, 2 May 2021 11:08:05 -0700
Subject: [PATCH 2/2] Utilize html.escape to prevent XSS attackes

---
 main.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/main.py b/main.py
index fd03988..92ee2dc 100644
--- a/main.py
+++ b/main.py
@@ -1,5 +1,6 @@
 import os
 import base64
+import html
 from flask import Flask, request
 from model import Message
@@ -31,7 +32,7 @@ def home():
{}
-""".format(m.content)
+""".format(html.escape(m.content))
 return body
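Review bot: The new `+""".format(html.escape(m.content))` line is correct only if the `{}` placeholder sits in HTML text or a double-quoted attribute; the markup surrounding the placeholder is not visible in this hunk, so whether the escaping matches the output context (it would not be sufficient inside a `<script>` block or a URL attribute) cannot be confirmed from here. Since Flask and Jinja2 are already dependencies (see the requirements.txt hunk), the more robust fix is to render the message list with `render_template`, where Jinja2 autoescapes every interpolated value, instead of relying on each `.format` call site to remember `html.escape`. Note also that `html.escape` raises if `m.content` is not a `str` (for example `None`); if the column is nullable, `html.escape(m.content or "")` avoids a 500 on empty rows — confirm against the `Message` model. `home()` starts outside the hunk, and several lines of this hunk appear to have been collapsed in this view.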