diff options
Diffstat (limited to 'components')
| -rw-r--r-- | components/news.py | 11 | ||||
| -rw-r--r-- | components/valuation.py | 85 |
2 files changed, 50 insertions, 46 deletions
diff --git a/components/news.py b/components/news.py index 522826c..cb43ea8 100644 --- a/components/news.py +++ b/components/news.py @@ -3,6 +3,7 @@ import streamlit as st from datetime import datetime from services.news_service import get_company_news, get_news_sentiment from services.fmp_service import get_company_news as get_fmp_news +from utils.security import escape_html, validate_outbound_url def _sentiment_badge(sentiment: str) -> str: @@ -69,9 +70,10 @@ def render_news(ticker: str): for article in articles: headline = article.get("headline") or article.get("title", "No title") source = article.get("source") or article.get("site", "") - url = article.get("url") or article.get("newsURL") or article.get("url", "") + url = validate_outbound_url(article.get("url") or article.get("newsURL")) timestamp = article.get("datetime") or article.get("publishedDate", "") summary = article.get("summary") or article.get("text") or "" + headline_html = escape_html(headline) sentiment = _classify_sentiment(article) badge = _sentiment_badge(sentiment) @@ -81,9 +83,12 @@ def render_news(ticker: str): col1, col2 = st.columns([5, 1]) with col1: if url: - st.markdown(f"**[{headline}]({url})**") + st.markdown( + f'<strong><a href="{escape_html(url)}" target="_blank" rel="noopener noreferrer">{headline_html}</a></strong>', + unsafe_allow_html=True, + ) else: - st.markdown(f"**{headline}**") + st.markdown(f"<strong>{headline_html}</strong>", unsafe_allow_html=True) meta = " · ".join(filter(None, [source, time_str])) if meta: st.caption(meta) diff --git a/components/valuation.py b/components/valuation.py index db352b3..9525c69 100644 --- a/components/valuation.py +++ b/components/valuation.py @@ -1,5 +1,4 @@ """Valuation panel — key ratios, models, comparable companies, analyst targets, earnings history.""" -import json import numpy as np import pandas as pd import plotly.graph_objects as go @@ -38,6 +37,7 @@ from services.valuation_service import ( compute_raw_historical_growth_rate, ) from utils.formatters import fmt_ratio, fmt_pct, fmt_large, fmt_currency +from utils.security import escape_html, json_for_script FINANCIAL_SECTORS = {"Financial Services"} @@ -116,6 +116,10 @@ def _escape_markdown_currency(value: str) -> str: return value.replace("$", r"\$") +def _h(value) -> str: + return escape_html(value) + + def render_valuation(ticker: str): tabs = st.tabs([ "Key Ratios", @@ -503,10 +507,10 @@ def _render_ratios(ticker: str): _XMAP = {"NYQ": "NYSE", "NMS": "NASDAQ", "NGM": "NASDAQ", "NCM": "NASDAQ", "ASE": "AMEX"} raw_x = (info.get("exchange", "") if info else "") or "" - exchange = _XMAP.get(raw_x, raw_x) or "—" - co_name = (info.get("longName", ticker) if info else ticker) or ticker - sector = (info.get("sector", "—") if info else "—") or "—" - industry = (info.get("industry", "—") if info else "—") or "—" + exchange = _h(_XMAP.get(raw_x, raw_x) or "—") + co_name = _h((info.get("longName", ticker) if info else ticker) or ticker) + sector = _h((info.get("sector", "—") if info else "—") or "—") + industry = _h((info.get("industry", "—") if info else "—") or "—") n_peers = len(peers) from datetime import date as _date today_str = _date.today().strftime("%b %d, %Y") @@ -1245,7 +1249,7 @@ def _build_dcf_canvas_html( bar_line_colors = ["#1F3B5E"] * len(discounted) + ["#DCC79E"] bar_text = [_fmt_b(v) for v in discounted] + [_fmt_b(tv_pv)] - plotly_data_json = json.dumps([{ + plotly_data_json = json_for_script([{ "type": "bar", "x": bar_x, "y": bar_y, @@ -1256,7 +1260,7 @@ def _build_dcf_canvas_html( "hovertemplate": "%{x}: %{text}<extra></extra>", "cliponaxis": False, }]) - plotly_layout_json = json.dumps({ + plotly_layout_json = json_for_script({ "paper_bgcolor": "#11151C", "plot_bgcolor": "#11151C", "margin": {"l": 48, "r": 8, "t": 28, "b": 36}, @@ -1280,7 +1284,7 @@ def _build_dcf_canvas_html( "uniformtext": {"mode": "hide", "minsize": 8}, }) - data_json = json.dumps({ + data_json = json_for_script({ "baseFcf": result["base_fcf"], "netDebt": result["net_debt"], "otherClaims": ctx["preferred_equity"] + ctx["minority_interest"], @@ -1758,11 +1762,11 @@ def _build_multiples_canvas_html(ctx: dict) -> str: pr = get_ratios_for_tickers(peers[:6]) if pr: import statistics as _stats - eb_vs = [float(r["enterpriseValueMultipleTTM"]) for r in pr.values() + eb_vs = [float(r["enterpriseValueMultipleTTM"]) for r in pr if r and r.get("enterpriseValueMultipleTTM") and 2 < r["enterpriseValueMultipleTTM"] < 100] - rv_vs = [float(r["priceToSalesRatioTTM"]) for r in pr.values() - if r and r.get("priceToSalesRatioTTM") and 0.1 < r["priceToSalesRatioTTM"] < 50] - pb_vs = [float(r["priceToBookRatioTTM"]) for r in pr.values() + rv_vs = [float(r["evToSalesTTM"]) for r in pr + if r and r.get("evToSalesTTM") and 0.1 < r["evToSalesTTM"] < 50] + pb_vs = [float(r["priceToBookRatioTTM"]) for r in pr if r and r.get("priceToBookRatioTTM") and 0.5 < r["priceToBookRatioTTM"] < 200] if eb_vs: eb_sector = _stats.median(eb_vs) @@ -1777,7 +1781,7 @@ def _build_multiples_canvas_html(ctx: dict) -> str: rv_sector = _clamp(rv_sector, 4.0, 20.0) pb_sector = _clamp(pb_sector, 4.0, 60.0) - dcf_iv = st.session_state.get("dcf_intrinsic") + dcf_iv = st.session_state.get(f"dcf_intrinsic_{ctx['ticker']}") dcf_wacc = st.session_state.get(f"dcf_wacc_{ctx['ticker']}", 10.0) dcf_tg = st.session_state.get(f"dcf_tg_{ctx['ticker']}", 2.5) dcf_yrs = st.session_state.get(f"dcf_yrs_{ctx['ticker']}", 5) @@ -1891,9 +1895,9 @@ def _build_multiples_canvas_html(ctx: dict) -> str: dcf_meta_str = "Switch to DCF tab to compute" ticker = ctx["ticker"] - exchange = (ctx.get("info") or {}).get("exchange") or "—" + exchange = _h((ctx.get("info") or {}).get("exchange") or "—") - data_json = json.dumps({ + data_json = json_for_script({ "market": market, "shares": shares, "netDebt": net_debt, "totalDebt": total_debt, "cash": cash, "ebitda": ebitda, "revenue": revenue, "bookPs": book_ps, @@ -2269,7 +2273,7 @@ def _render_dcf_model(ctx: dict): st.warning(result["error"]) return - st.session_state["dcf_intrinsic"] = result["intrinsic_value_per_share"] + st.session_state[f"dcf_intrinsic_{ctx['ticker']}"] = result["intrinsic_value_per_share"] st.session_state[f"dcf_params_{ctx['ticker']}"] = {"wacc": wacc_pct, "tg": tg_pct, "yrs": yrs} # Cross-check: run other models at their current market multiples @@ -2704,8 +2708,9 @@ def _render_models(ticker: str): st.caption(ctx["summary"]) _render_model_availability(ctx) - if "models_view" not in st.session_state: - st.session_state["models_view"] = "dcf" + view_key = f"models_view_{ticker}" + if view_key not in st.session_state: + st.session_state[view_key] = "dcf" st.markdown(_DCF_RAIL_CSS, unsafe_allow_html=True) @@ -2714,24 +2719,24 @@ def _render_models(ticker: str): if st.button( "Discounted Cash Flow", key=f"pick_dcf_{ticker}", - type="primary" if st.session_state["models_view"] == "dcf" else "secondary", + type="primary" if st.session_state[view_key] == "dcf" else "secondary", width="stretch", ): - st.session_state["models_view"] = "dcf" + st.session_state[view_key] = "dcf" st.rerun() with _pc2: if st.button( "Multiples", key=f"pick_mult_{ticker}", - type="primary" if st.session_state["models_view"] == "multiples" else "secondary", + type="primary" if st.session_state[view_key] == "multiples" else "secondary", width="stretch", ): - st.session_state["models_view"] = "multiples" + st.session_state[view_key] = "multiples" st.rerun() st.markdown("---") - view = st.session_state.get("models_view", "dcf") + view = st.session_state.get(view_key, "dcf") if view == "dcf": if ctx["dcf_available"]: _render_dcf_model(ctx) @@ -2826,7 +2831,6 @@ _CC_CSS = """<style> def _render_comps(ticker: str): - import json as _json info = get_company_info(ticker) auto_peers = get_peers(ticker) @@ -2978,7 +2982,7 @@ def _render_comps(ticker: str): }) sym = ticker.upper() - name = (info.get("longName") or info.get("shortName") or sym) if info else sym + name = _h((info.get("longName") or info.get("shortName") or sym) if info else sym) price = get_latest_price(ticker) prev_close = (info.get("previousClose") if info else None) if price and prev_close and prev_close > 0: @@ -2988,11 +2992,11 @@ def _render_comps(ticker: str): else: chg_str, chg_cls = "—", "" raw_x = (info.get("exchange", "") if info else "") or "" - exchange = _XMAP.get(raw_x, raw_x) or "—" + exchange = _h(_XMAP.get(raw_x, raw_x) or "—") price_str = f"${price:.2f}" if price else "—" n_peers = len(peers) - 1 - data_json = _json.dumps({ + data_json = json_for_script({ "subject": sym, "peers": peers, "peerMedian": peer_median_row, @@ -3257,7 +3261,6 @@ _AT_CSS = """<style> # ── Analyst Targets ────────────────────────────────────────────────────────── def _render_analyst_targets(ticker: str): - import json as _json targets = get_analyst_price_targets(ticker) recs = get_recommendations_summary(ticker) @@ -3409,7 +3412,7 @@ def _render_analyst_targets(ticker: str): # Context strip sym = ticker.upper() - name = (info.get("longName") or info.get("shortName") or sym) if info else sym + name = _h((info.get("longName") or info.get("shortName") or sym) if info else sym) price = get_latest_price(ticker) prev_close = (info.get("previousClose") if info else None) if price and prev_close and prev_close > 0: @@ -3420,7 +3423,7 @@ def _render_analyst_targets(ticker: str): chg_str, chg_cls = "—", "" _XMAP = {"NYQ": "NYSE", "NMS": "NASDAQ", "NGM": "NASDAQ", "NCM": "NASDAQ", "ASE": "AMEX"} raw_x = (info.get("exchange", "") if info else "") or "" - exchange = _XMAP.get(raw_x, raw_x) or "—" + exchange = _h(_XMAP.get(raw_x, raw_x) or "—") price_str = f"${price:.2f}" if price else "—" ctx_html = ( @@ -3580,7 +3583,6 @@ _EH_CSS = """<style> def _render_earnings_history(ticker: str): - import json as _json eh = get_earnings_history(ticker) next_date = get_next_earnings_date(ticker) @@ -3812,7 +3814,7 @@ def _render_earnings_history(ticker: str): # Context strip sym = ticker.upper() - name = (info.get("longName") or info.get("shortName") or sym) if info else sym + name = _h((info.get("longName") or info.get("shortName") or sym) if info else sym) price = get_latest_price(ticker) prev_close = (info.get("previousClose") if info else None) if price and prev_close and prev_close > 0: @@ -3823,7 +3825,7 @@ def _render_earnings_history(ticker: str): chg_str, chg_cls = "—", "" _XMAP = {"NYQ": "NYSE", "NMS": "NASDAQ", "NGM": "NASDAQ", "NCM": "NASDAQ", "ASE": "AMEX"} raw_x = (info.get("exchange", "") if info else "") or "" - exchange = _XMAP.get(raw_x, raw_x) or "—" + exchange = _h(_XMAP.get(raw_x, raw_x) or "—") price_str = f"${price:.2f}" if price else "—" ctx_html = ( @@ -3838,7 +3840,7 @@ def _render_earnings_history(ticker: str): '</div></div>' ) - next_date_str = next_date if next_date else "Not scheduled" + next_date_str = _h(next_date if next_date else "Not scheduled") med_surp_str = (f"{med_surprise * 100:+.1f}%" if med_surprise is not None else "—") lede_html = ( @@ -4060,7 +4062,6 @@ _KH_CSS = """<style> def _render_historical_ratios(ticker: str): - import json as _json info = get_company_info(ticker) hist_rows = get_historical_ratios(ticker, limit=10) if not hist_rows: @@ -4110,16 +4111,16 @@ def _render_historical_ratios(ticker: str): else: chg_str, chg_cls = "—", "" sym = ticker.upper() - name = (info.get("longName") or info.get("shortName") or sym) if info else sym + name = _h((info.get("longName") or info.get("shortName") or sym) if info else sym) _XMAP = {"NYQ": "NYSE", "NMS": "NASDAQ", "NGM": "NASDAQ", "NCM": "NASDAQ", "ASE": "AMEX"} raw_x = (info.get("exchange", "") if info else "") or "" - exchange = _XMAP.get(raw_x, raw_x) or "—" + exchange = _h(_XMAP.get(raw_x, raw_x) or "—") price_str = f"${price:.2f}" if price else "—" n_periods = len(periods) n_rows = len(series_data) n_groups = len({s["group"] for s in series_data}) total_height = 48 + 24 + 180 + 24 + 420 + 24 + (68 + n_groups * 50 + n_rows * 42) + 24 + 60 + 60 - data_json = _json.dumps({"periods": periods, "series": series_data}) + data_json = json_for_script({"periods": periods, "series": series_data}) ctx_html = ( f'<div class="val-ctx">' f'<span class="sym">{sym}</span>' @@ -4396,7 +4397,6 @@ table.fe-table td:first-child{text-align:left;color:var(--fg-1);font-weight:500} def _render_forward_estimates(ticker: str): - import json as _json with st.spinner("Loading forward estimates…"): estimates = get_analyst_estimates(ticker) @@ -4562,7 +4562,7 @@ def _render_forward_estimates(ticker: str): # Context strip info = get_company_info(ticker) sym = ticker.upper() - name = (info.get("longName") or info.get("shortName") or sym) if info else sym + name = _h((info.get("longName") or info.get("shortName") or sym) if info else sym) price = get_latest_price(ticker) prev_close = (info.get("previousClose") if info else None) if price and prev_close and prev_close > 0: @@ -4573,7 +4573,7 @@ def _render_forward_estimates(ticker: str): chg_str, chg_cls = "—", "" _XMAP = {"NYQ": "NYSE", "NMS": "NASDAQ", "NGM": "NASDAQ", "NCM": "NASDAQ", "ASE": "AMEX"} raw_x = (info.get("exchange", "") if info else "") or "" - exchange = _XMAP.get(raw_x, raw_x) or "—" + exchange = _h(_XMAP.get(raw_x, raw_x) or "—") price_str = f"${price:.2f}" if price else "—" ctx_html = ( @@ -4702,7 +4702,7 @@ def _render_forward_estimates(ticker: str): ) js = ( - "const D=" + _json.dumps(chart_data) + ";\n" + "const D=" + json_for_script(chart_data) + ";\n" "function showTab(tab,el){" "document.querySelectorAll('.tab-pill').forEach(function(b){" "b.className='tab-pill '+(b===el?'active':'inactive');" @@ -4779,4 +4779,3 @@ def _render_forward_estimates(ticker: str): height = 1320 + len(annual_rows) * 50 components.html(doc, height=height, scrolling=False) - |