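--- a/server/api/views/assistant
+++ b/server/api/views/assistant
@@ -0,0 +1,26 @@
+import re
+import logging
+logger = logging .getLogger (__name__ )
+def sanitize_input (user_input :str ) -> str :
+"""
+Sanitize user input to prevent injection attacks and remove unwanted characters.
+Args:
+user_input (str): The raw input string from the user.
+Returns:
+str: The sanitized input string.
+"""
+try :
+# Remove any script tags
+sanitized = re .sub (r'<script.*?>.*?</script>' , '' , user_input , flags = re .IGNORECASE )
+# Remove any HTML tags
+sanitized = re .sub (r'<.*?>' , '' , sanitized )
+# Escape special characters
+sanitized = re .sub (r'["\'\\]' , '' , sanitized )
+# Limit length to prevent buffer overflow attacks
+max_length = 1000
+if len (sanitized ) > max_length :
+sanitized = sanitized [:max_length ]
+return sanitized .strip ()
+except Exception as e :
+logger .error (f"Error sanitizing input: { e } " )
+return ""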
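Review bot: The docstring and the comments at lines 6 and 13–18 present this as injection prevention, but deleting tags, quotes and backslashes is neither sufficient nor context-aware: whatever consumes the result still needs encoding at its sink (`html.escape` for HTML output, parameterized queries for SQL), and the stripping also silently mangles legitimate input such as a quoted phrase or a `<` comparison, so the docstring should describe this as best-effort normalization rather than a security boundary. The `except Exception` at line 24 turns any failure (in practice a non-`str` argument raising `TypeError` inside `re.sub`) into an empty string, so a caller cannot tell "empty input" from "sanitizer failed"; either let it propagate or narrow it to `except TypeError` and log with `logger.exception("Error sanitizing input")` so the traceback is kept. The comment at line 19 is inaccurate for Python strings and should read `# Cap length to bound downstream processing cost`, and `max_length = 1000` would be clearer as a module-level `MAX_INPUT_LENGTH` constant or a keyword-only parameter with that default. The path in the file header looks truncated on this page, so I assume this is a new module under server/api/views/assistant.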