dfs

files/classes/mod_logs.py

@@ -92,7 +92,7 @@ class ModAction(Base):
 		if self.target_user: return f'<a href="{self.target_user.url}">{self.target_user.username}</a>'
 		elif self.target_post:
 			if self.target_post.club: return f'<a href="{self.target_post.permalink}">{CC} ONLY</a>'
-			return f'<a href="{self.target_post.permalink}">{self.target_post.title.replace("<","")}</a>'
+			return f'<a href="{self.target_post.permalink}">{self.target_post.title.replace("<","").replace(">","")}</a>'
 		elif self.target_comment_id: return f'<a href="/comment/{self.target_comment_id}?context=9#context">comment</a>'
 
 	@property

files/helpers/sanitize.py

@@ -269,7 +269,7 @@ def sanitize(sanitized, noimages=False, alert=False, comment=False, edit=False):
 
 def filter_emojis_only(title, edit=False):
 
-	title = title.replace('<','').replace("\n", "").replace("\r", "").replace("\t", "").strip()
+	title = title.replace('<','&lt;').replace('>','&gt;').replace("\n", "").replace("\r", "").replace("\t", "").strip()
 
 	title = bleach.clean(title, tags=[])
 

files/routes/oauth.py

@@ -40,7 +40,7 @@ def authorize(v):
 def request_api_keys(v):
 
 	new_app = OauthApp(
-		app_name=request.values.get('name').replace('<',''),
+		app_name=request.values.get('name').replace('<','').replace('>',''),
 		redirect_uri=request.values.get('redirect_uri'),
 		author_id=v.id,
 		description=request.values.get("description")[:256]