Line 278 in 6baae24:

```python
def injectCSS_Paths(self, code):
```
Security Concern: The injectCSS_Paths function currently uses str.replace() to directly inject values, which can become a security risk with untrusted input.
Suggestion: Refactor the replacements using a dictionary to allow for safer and more manageable substitutions.
Code Suggestion:
```python
def injectCSS_Paths(self, code):
    # Placeholder -> value table, in the order the replacements are applied.
    replacements = {
        "[FAVICON_HREF]": self.CSSFiles[0]['src'],
        "[FAVICON_PNG_HREF]": self.CSSFiles[1]['src'],
        "[BASE_ICONS_HREF]": self.CSSFiles[2]['src'],
        "[STYLES_HREF]": self.CSSFiles[3]['src'],
        "[NORMALIZE_HREF]": self.CSSFiles[4]['src'],
        "[SERVICES_ICONS_HREF]": self.CSSFiles[5]['src']
    }
    # One str.replace() pass per placeholder, applied sequentially.
    for placeholder, value in replacements.items():
        code = code.replace(placeholder, value)
    return code
```
Benefit: Using a structured replacement approach makes this function easier to expand and reduces security risks if new replacements are added.
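The following is an added example, not code from the issue author or from the project the issue is filed against. It sets the issue's sequential `str.replace()` suggestion beside a single-pass variant that (a) matches every placeholder once so that substituted text is never rescanned by a later replacement, (b) HTML-attribute-escapes each value, and (c) rejects hrefs outside a small allowlist. `CSS_FILES`, `PLACEHOLDER_INDEX`, `TEMPLATE` and all function names are constructed for the demonstration; `CSS_FILES` stands in for the page's `self.CSSFiles`, and two of its `src` values are deliberately hostile so the difference between the two strategies is visible.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed stand-in for self.CSSFiles. Entries 0 and 5 are hostile on purpose:
# entry 0 contains another placeholder, entry 5 closes the href attribute.
CSS_FILES = [
    {"src": "/static/favicon.ico?v=[STYLES_HREF]"},
    {"src": "/static/favicon.png"},
    {"src": "/static/base-icons.css"},
    {"src": "/static/styles.css"},
    {"src": "/static/normalize.css"},
    {"src": '/static/x.css"><script>alert(1)</script>'},
]

# Same placeholder -> index mapping as the issue's suggestion (assumed, not the project's).
PLACEHOLDER_INDEX = {
    "[FAVICON_HREF]": 0,
    "[FAVICON_PNG_HREF]": 1,
    "[BASE_ICONS_HREF]": 2,
    "[STYLES_HREF]": 3,
    "[NORMALIZE_HREF]": 4,
    "[SERVICES_ICONS_HREF]": 5,
}

# Constructed template fragment standing in for the HTML the project rewrites.
TEMPLATE = (
    '<link rel="icon" href="[FAVICON_HREF]">\n'
    '<link rel="stylesheet" href="[STYLES_HREF]">\n'
    '<link rel="stylesheet" href="[SERVICES_ICONS_HREF]">'
)


def build_replacements(css_files):
    """Map each placeholder to the raw 'src' string it should receive."""
    return {ph: css_files[i]["src"] for ph, i in PLACEHOLDER_INDEX.items()}


def inject_sequential(code, replacements):
    """The issue's suggestion: one str.replace() per placeholder, in dict order.
    Text inserted by an early replacement is scanned again by every later one,
    and nothing is escaped for the attribute context it lands in."""
    for placeholder, value in replacements.items():
        code = code.replace(placeholder, value)
    return code


def is_safe_href(value):
    """Allowlist for an href: a site-relative path (not protocol-relative '//')
    or an absolute http(s) URL. Rejects javascript:, data:, and similar schemes,
    which HTML escaping alone would leave intact."""
    if value.startswith("/") and not value.startswith("//"):
        return True
    return urlsplit(value).scheme.lower() in ("http", "https")


def inject_single_pass(code, replacements):
    """One regex pass over the template. Each placeholder is matched exactly once,
    its value is checked against the allowlist and escaped with quote=True so it
    cannot terminate the surrounding attribute, and the substituted text is
    never rescanned, so a value containing '[STYLES_HREF]' stays literal."""
    pattern = re.compile("|".join(re.escape(p) for p in replacements))

    def substitute(match):
        value = replacements[match.group(0)]
        if not is_safe_href(value):
            raise ValueError("refusing to inject href: %r" % value)
        return html.escape(value, quote=True)

    return pattern.sub(substitute, code)


def demo():
    """Return (sequential_output, single_pass_output) for the hostile CSS_FILES."""
    reps = build_replacements(CSS_FILES)
    return inject_sequential(TEMPLATE, reps), inject_single_pass(TEMPLATE, reps)


if __name__ == "__main__":
    sequential, single = demo()
    print("--- sequential str.replace() ---\n" + sequential)
    print("--- single pass, escaped ---\n" + single)
```

With the constructed inputs, the sequential version emits `<link rel="stylesheet" href="/static/x.css"><script>alert(1)</script>">` and rewrites entry 0 to `/static/favicon.ico?v=/static/styles.css`, because the `[STYLES_HREF]` text it inserted is expanded by the later replacement. The single-pass version leaves entry 0's `[STYLES_HREF]` as literal text and renders entry 5 as `/static/x.css&quot;&gt;&lt;script&gt;alert(1)&lt;/script&gt;`, which the browser decodes back to a harmless (if broken) path. Escaping is context-specific: `html.escape` is right for a quoted attribute value, but it does nothing against a `javascript:` URL, which is why the allowlist check runs first; if the values can only ever come from trusted configuration, the allowlist is still cheap insurance.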