From 4226a84cc37fc978a172b52565c273665b318de4 Mon Sep 17 00:00:00 2001
From: Maxime Bonin
Date: Mon, 20 May 2024 19:50:52 -0400
Subject: [PATCH] escape html content
---
 src/lambda_handlers.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/lambda_handlers.py b/src/lambda_handlers.py
index 4e08609..0d39cb2 100644
--- a/src/lambda_handlers.py
+++ b/src/lambda_handlers.py
@@ -1,4 +1,4 @@
-import json
+import json, html
 from api_handler import ApiHandler
 from model import PasteDataAware
@@ -10,6 +10,7 @@ def get_handler(paste: PasteDataAware, is_web_browser: bool = False):
 return {"statusCode": 404}
 if is_web_browser:
+ escaped_content = html.escape(content)
 response_html = """
@@ -22,7 +23,7 @@ def get_handler(paste: PasteDataAware, is_web_browser: bool = False):
 """.format(
- content
+ escaped_content
 )
 return {
 "statusCode": 200,
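Review bot: The new `import json, html` line puts two modules on one import statement, which PEP 8 advises against and which makes later import diffs noisier. Split it into `import html` and `import json` on separate lines, in alphabetical order, above the project imports.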
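Review bot: `html.escape(content)` only neutralises markup when the `.format()` placeholder sits in element text or a quoted attribute value. The template body between `response_html = """` and `""".format(` is not visible on this page, so confirm the placeholder is not inside a `<script>` or `<style>` block, an unquoted attribute, or a URL. A comment above the new line would record the assumption, e.g. `# paste content is untrusted; escaped for HTML element-text context only`, and the same applies to the `.format(escaped_content)` call in the last hunk. The returned dict and the non-browser branch of get_handler continue outside these hunks, so it is worth checking that the browser response sets an explicit `Content-Type` with charset and `X-Content-Type-Options: nosniff`, and that the raw-content path is never served as `text/html`. A regression test that stores a paste containing `<script>` and asserts the literal tag is absent from the rendered body would keep this fix from being undone.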