Refactor docstring and add todos

- Update docstring for `try_hack_me` to reflect public IP response
- Add TODO comments for template injection tests
- Adjust `FIXME` comment for `HTMLResponse` in `main.py`

Author: trottomv

app/main.py

@@ -24,7 +24,7 @@ async def try_hack_me(name: str = config.SUPER_SECRET_NAME):
         name (str, optional): Name of the user. Defaults to SUPER_SECRET_NAME.
 
     Returns:
-        str: HTML content with a greeting and a random text.
+        str: HTML content with a greeting and a public ip response.
     """
     try:
         # Get the public IP address from an external service
@@ -36,5 +36,6 @@ async def try_hack_me(name: str = config.SUPER_SECRET_NAME):
         public_ip = public_ip_response.text
     name = name or config.SUPER_SECRET_NAME
     content = f"<h1>Hello, {name}!</h1><h2>Public IP: <code>{public_ip}</code></h2>"
-    # FIXME: https://fastapi.tiangolo.com/advanced/custom-response/#return-a-response
+    # https://fastapi.tiangolo.com/advanced/custom-response/#return-a-response
+    # FIXME: return HTMLResponse(content)
     return Template(content).render()

tests/test_main.py

@@ -35,3 +35,7 @@ def test_root(requests_mock):
         response.content.decode()
         == "<h1>Hello, Bob!</h1><h2>Public IP: <code>123.45.67.89</code></h2>"
     )
+    # TODO
+    # response = client.get("/?name={{7*6}}")
+    # assert "42" not in response.content.decode()
+    # assert "{{7*6}}" in response.content.decode()