diff --git a/docker_scanner.py b/docker_scanner.py
index cb9fdf3..f818bbc 100644
--- a/docker_scanner.py
+++ b/docker_scanner.py
@@ -4,6 +4,7 @@
 import csv
 import pandas as pd
 import logging
+import html
 from typing import List, Tuple, Dict, Optional
 from datetime import datetime
 from fpdf import FPDF
@@ -1230,25 +1231,17 @@ def _prepare_html_template_vars(self, results: Dict) -> Dict[str, str]:
     def _escape_html(self, text: str) -> str:
         """
         Escape HTML special characters in text.
-
+
         Args:
             text: Text to escape
-
+
         Returns:
             HTML-escaped text
         """
         if not text:
             return ""
-
-        html_escape_table = {
-            "&": "&",
-            '"': """,
-            "'": "'",
-            ">": ">",
-            "<": "<",
-        }
-
-        return "".join(html_escape_table.get(c, c) for c in str(text))
+
+        return html.escape(str(text), quote=True)
 
 def main():
     """Main function to run the security scanner."""
diff --git a/report_generator.py b/report_generator.py
index 3b183de..cc877c9 100644
--- a/report_generator.py
+++ b/report_generator.py
@@ -16,6 +16,7 @@
 import csv
 import re
 import logging
+import html
 from typing import Dict, List, Optional
 from datetime import datetime
 from fpdf import FPDF
@@ -457,25 +458,17 @@ def _prepare_html_template_vars(self, results: Dict) -> Dict[str, str]:
     def _escape_html(self, text: str) -> str:
         """
         Escape HTML special characters in text.
-
+
         Args:
             text: Text to escape
-
+
         Returns:
             HTML-escaped text
         """
         if not text:
             return ""
-
-        html_escape_table = {
-            "&": "&",
-            '"': """,
-            "'": "'",
-            ">": ">",
-            "<": "<",
-        }
-
-        return "".join(html_escape_table.get(c, c) for c in str(text))
+
+        return html.escape(str(text), quote=True)
 
     def _count_by_severity(self, vulnerabilities: List[Dict]) -> Dict[str, int]:
         """
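Review bot: The `if not text: return ""` guard kept above the new `html.escape` call in docker_scanner.py's `_escape_html` still drops falsy non-string inputs, so a value of `0` (which the `str(text)` cast suggests is an expected input, e.g. a finding count) renders as an empty cell rather than `0`; narrowing it to `if text is None: return ""` keeps the None handling while letting `html.escape("0")` through, since `html.escape("")` already returns `""`. The identical body appears in report_generator.py's `_escape_html` hunk and needs the same change; having to patch both in this commit is itself a sign the helper should live in one shared module. The docstring should also state the escaping contract so callers do not reuse it in the wrong context, e.g. `Safe for element text and quoted attribute values only; not sufficient for URLs, JavaScript or unquoted attributes.` The enclosing class of both methods starts outside the hunk.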