From 81b7fd1876c90700406a4cb211aa0b420b6c56e9 Mon Sep 17 00:00:00 2001 From: Ben Busby Date: Wed, 11 Oct 2023 17:17:46 -0600 Subject: [PATCH] Encrypt site icon requests Paths to favicons are now encrypted with the user's Fernet key, the same as any other external result page element --- app/filter.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/app/filter.py b/app/filter.py index db28b63..355b358 100644 --- a/app/filter.py +++ b/app/filter.py @@ -264,9 +264,11 @@ class Filter: # Construct the html for inserting the icon into the parent div parsed = urlparse.urlparse(link['href']) - src = f'{self.root_url}/{Endpoint.element}?url=' + ( - f'{parsed.scheme}://{parsed.netloc}/favicon.ico' - ) + '&type=image/x-icon' + favicon = self.encrypt_path( + f'{parsed.scheme}://{parsed.netloc}/favicon.ico', + is_element=True) + src = f'{self.root_url}/{Endpoint.element}?url={favicon}' + \ + '&type=image/x-icon' html = f'' favicon = BeautifulSoup(html, 'html.parser')