From b992a7c5ddaf6dba986a9fafe2619b7f337c247b Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Thu, 26 Mar 2026 09:13:18 +0000
Subject: [PATCH] fix: resolve CodeQL alert #45 - Reflected server-side cross-site scripting
---
 vulnerable_xss.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/vulnerable_xss.py b/vulnerable_xss.py
index 59b8652..1491534 100644
--- a/vulnerable_xss.py
+++ b/vulnerable_xss.py
@@ -1,3 +1,4 @@
+from markupsafe import escape
 from flask import Flask, request, render_template_string, make_response
 
 app = Flask(__name__)
@@ -10,7 +11,7 @@ def hello():
 
 @app.route('/comment', methods=['POST'])
 def post_comment():
-    comment = request.form.get('comment', '')
+    comment = escape(request.form.get('comment', ''))
     html = f"""
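Review bot: The new `from markupsafe import escape` line chooses manual escaping at the point the form value is read, even though the file already imports `render_template_string`, whose Jinja autoescaping would encode the value at the sink without each caller having to remember the wrapper. Whether a single `escape()` call is sufficient depends on where the f-string in the second hunk places `comment` (that function body continues outside this chunk): HTML entity escaping is the right encoding for element text and quoted attribute values, but if the value lands inside a `<script>` block or a URL-valued attribute it is not, so the sink context should be confirmed before the alert is closed. A more durable shape is to keep `comment` as the raw form value and render it with something like `render_template_string('<p>{{ comment }}</p>', comment=comment)` so escaping happens where the markup is produced. Note that `escape()` returns a `Markup` object, which Jinja treats as already safe; that is correct here, but any later code that concatenates or stores it as trusted HTML should be reviewed with that in mind.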