From 2e415472c326bae124f222d1ab674608c345921c Mon Sep 17 00:00:00 2001
From: Annie Enchakattu <31044836+Annie-Enchakattu@users.noreply.github.com>
Date: Thu, 14 Nov 2019 21:29:34 -0800
Subject: [PATCH] Added fix for XSS bug in search

---
 demo/app.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/demo/app.py b/demo/app.py
index 295d239..6ee40a1 100644
--- a/demo/app.py
+++ b/demo/app.py
@@ -18,6 +18,8 @@ from flask import send_file
 from predict import Predict
 from sample_images import Sample_images
 
+from flask import escape
+
 search = Search()
 predict = Predict()
 sample_images = Sample_images()
@@ -216,7 +218,7 @@ def get_images():
 @app.route('/get_search_results', methods=['GET'])
 def get_search_results():
     try:
-        search_string = request.args.get("searchString")
+        search_string = escape(request.args.get("searchString"))
         search.do_search(search_string)
         result = search.result.fillna(' ')
 
@@ -230,7 +232,7 @@ def get_search_results():
 
     except Exception as e:
         print(str(e))
-        return str(e)
+        return "Error occurred while processing the request. The search term could be invalid"
 
 @app.route('/get_more_search_images', methods=['GET'])
 def get_more_search_images():
@@ -298,4 +300,4 @@ def check_image_url():
 
 
 if __name__ == "__main__":
-    app.run(threaded=True, host="0.0.0.0")
\ No newline at end of file
+    app.run(threaded=True, host="0.0.0.0")
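Review bot: `from flask import escape` on the new side relies on a convenience re-export of `markupsafe.escape`; Flask deprecated that re-export in 2.3 and removed it in 3.0, so `from markupsafe import escape` is the durable spelling (MarkupSafe is already a Flask dependency). The new import is also placed after the local `predict` and `sample_images` imports instead of beside the `from flask import send_file` line shown in the hunk header, which breaks the file's apparent stdlib/third-party/local grouping.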
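Review bot: HTML-escaping the query before `search.do_search(search_string)` applies output encoding at the input layer: a term containing `&`, `<`, `>`, `"` or `'` is rewritten to its entity form before it reaches the search backend, so those terms no longer match, while any other place the raw value is rendered stays unprotected. The escape belongs where the value is emitted into HTML (a template with autoescaping, or the point that builds the response body), with the search itself receiving the raw string. Separately, `request.args.get("searchString")` returns `None` when the parameter is absent and, as far as I recall MarkupSafe's behaviour, `escape(None)` yields the text `None`, so a missing parameter silently searches for the word "None"; a default avoids that, `search_string = request.args.get("searchString", "")`. The rest of `get_search_results` continues past the end of this hunk.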
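Review bot: The new generic message stops the exception text from reaching the client, but the handler still returns it with an implicit 200 status, so callers cannot tell a failed search from an empty one; return an error status with it, `return "Error occurred while processing the request. The search term could be invalid", 400`. The `print(str(e))` just above the changed line is now the only server-side record of what went wrong and drops the traceback; `app.logger.exception("search failed")` keeps that detail where it is needed for triage. Whether 400 or 500 is the right code depends on what `search.do_search` raises, which is outside the hunk, as is the start of `get_search_results`.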