From 933665d29a58d523d133f7cb579175c8558eea47 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Thu, 26 Mar 2026 09:13:30 +0000
Subject: [PATCH] fix: resolve CodeQL alert #49 - Reflected server-side
 cross-site scripting

---
 vulnerable_xss.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/vulnerable_xss.py b/vulnerable_xss.py
index 59b8652..fe8d36c 100644
--- a/vulnerable_xss.py
+++ b/vulnerable_xss.py
@@ -55,7 +55,8 @@ def error_page():
 
 @app.route('/dashboard')
 def dashboard():
-    user_input = request.args.get('data', '')
+    from markupsafe import escape
+    user_input = escape(request.args.get('data', ''))
     
     response = make_response(f"<p>Dashboard data: {user_input}</p>")
     return response