From 1989275944ae5d4194270f842c7ebddd44c79291 Mon Sep 17 00:00:00 2001 From: Preston Maness Date: Sat, 23 Jan 2021 20:32:56 -0600 Subject: [PATCH 1/3] Fix issue #617 by using mark_safe in combination with format_html I have no experience with Django, so all I'm really going off of is this stackoverflow https://stackoverflow.com/a/64498319 which cited this bit of Django documentation: https://docs.djangoproject.com/en/3.1/ref/utils/#django.utils.html.format_html After using this method, I no longer get the 500 error or KeyError exception, and can browse the local server and interact with the single entry in it (the problematic URL in ArchiveBox#617 with curly braces). Whether this is the "right" method or not, I have no idea. But it is at least a start.
---
 archivebox/index/html.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/archivebox/index/html.py b/archivebox/index/html.py
index a62e2c7e..6db8435c 100644
--- a/archivebox/index/html.py
+++ b/archivebox/index/html.py
@@ -4,7 +4,7 @@ from datetime import datetime
 from typing import List, Optional, Iterator, Mapping
 from pathlib import Path
-from django.utils.html import format_html
+from django.utils.html import format_html, mark_safe
 from collections import defaultdict
 from .schema import Link
@@ -161,4 +161,4 @@ def snapshot_icons(snapshot) -> str:
 output += '{} '.format(canon["archive_org_path"], str(exists), "archive_org", icons.get("archive_org", "?"))
- return format_html(f'{output}')
+ return format_html('{}', mark_safe(output))
From b647581115b601459962ae66a6898a9b6c483c9b Mon Sep 17 00:00:00 2001 From: Preston Maness Date: Mon, 25 Jan 2021 20:47:57 -0600 Subject: [PATCH 2/3] Update archivebox/index/html.py mark_safe is dangerous, as the URL's filename could have malicious HTML fragments in it. Co-authored-by: Nick Sweeting
---
 archivebox/index/html.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/archivebox/index/html.py b/archivebox/index/html.py
index 6db8435c..27940cb2 100644
--- a/archivebox/index/html.py
+++ b/archivebox/index/html.py
@@ -161,4 +161,4 @@ def snapshot_icons(snapshot) -> str:
 output += '{} '.format(canon["archive_org_path"], str(exists), "archive_org", icons.get("archive_org", "?"))
- return format_html('{}', mark_safe(output))
+ return format_html('{}', output)
From 1810426774ebea0d350fe3926278da60680b8d08 Mon Sep 17 00:00:00 2001 From: Preston Maness Date: Mon, 25 Jan 2021 21:16:06 -0600 Subject: [PATCH 3/3] Remove now-unused mark_safe import
---
 archivebox/index/html.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/archivebox/index/html.py b/archivebox/index/html.py
index 27940cb2..12eab62a 100644
--- a/archivebox/index/html.py
+++ b/archivebox/index/html.py
@@ -4,7 +4,7 @@ from datetime import datetime
 from typing import List, Optional, Iterator, Mapping
 from pathlib import Path
-from django.utils.html import format_html, mark_safe
+from django.utils.html import format_html
 from collections import defaultdict
 from .schema import Link
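Review bot: In PATCH 2/3 the new `return format_html('{}', output)` in `snapshot_icons` runs the whole accumulated string through `conditional_escape`, so if `output` carries the link markup assembled by the `str.format` calls above (only the last one is visible as context), that markup is escaped as well and would render as literal text instead of icons. The untrusted parts are the values interpolated into each fragment, such as `canon["archive_org_path"]`, so the escaping belongs at that point: build each fragment with `format_html(template, canon["archive_org_path"], ...)` rather than `str.format`, and only then treat the concatenation of those fragments as safe. That still keeps curly braces in a URL from being re-read as format fields (the KeyError from #617) and escapes hostile filenames without losing the markup. The body of `snapshot_icons` starts outside the hunk, so the earlier `output +=` fragments should be checked the same way.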