Merge pull request #25 from BetterMint/alert-autofix-11

BetterMint · web-flow · commit e13dbad21417 · 2025-12-14T20:53:46.000-05:00
Potential fix for code scanning alert no. 11: Reflected server-side cross-site scripting
diff --git a/test/BetterMITM/addons/test_asgiapp.py b/test/BetterMITM/addons/test_asgiapp.py
@@ -1,6 +1,6 @@
 import asyncio
 import json
-
+import html
 import flask
 from flask import request
 
@@ -27,7 +27,7 @@ def request_check():
 
 @tapp.route("/requestbody", methods=["POST"])
 def request_body():
-    return json.dumps({"body": request.data.decode()})
+    return json.dumps({"body": html.escape(request.data.decode())})
 
 
 @tapp.route("/error")
