research-school-2024/examples/xss.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""XSS example"""

from flask import Flask, render_template_string, request

app = Flask(__name__)


@app.route("/", methods=["GET", "POST"])
def index():
    """Index page"""

    user_comment: str = request.form.get("comment", "(none)")

    return render_template_string(
        f"""
<h1>Your Comment</h1><p>{user_comment}</p>
<form action="/" method="post">
<label for="comment">comment:</label>
<input type="text" id="comment" name="comment"><br><br>
<input type="submit" value="Submit">
</form>
"""
    )


if __name__ == "__main__":
    app.run(debug=True)