From 0d888203cbc4dc596d0c05cedfeabe8785b263fc Mon Sep 17 00:00:00 2001 From: Tyler Date: Sat, 16 May 2026 00:02:32 -0700 Subject: Fix valuation and data robustness bugs --- app.py | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'app.py') diff --git a/app.py b/app.py index ff5ba35..bff6209 100644 --- a/app.py +++ b/app.py @@ -408,6 +408,7 @@ hr { import plotly.graph_objects as go import plotly.io as pio +from utils.security import escape_html, validate_outbound_url # ── Plotly theme ────────────────────────────────────────────────────────────── _prism_layout = go.Layout( @@ -543,6 +544,8 @@ with st.sidebar: co_name = info.get("longName", ticker) price = get_latest_price(ticker) prev_close = info.get("previousClose") or info.get("regularMarketPreviousClose") + ticker_html = escape_html(ticker) + co_name_html = escape_html(co_name) # Ticker + name st.markdown(f""" @@ -553,12 +556,12 @@ with st.sidebar: font-size: 2rem; color: #F2ECDC; line-height: 0.95; letter-spacing: -0.025em; margin-bottom: 4px; - ">{ticker} + ">{ticker_html}
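Review bot: `escape_html(co_name)` on the new `co_name_html` line can receive a non-string when the data provider reports `longName` with a `None` value, because `info.get("longName", ticker)` on the context line only falls back to `ticker` when the key is absent; whether the helper tolerates that depends on `utils.security.escape_html`, which is not visible here. The neighbouring `prev_close` line already uses the `or` form for this reason, so `co_name = info.get("longName") or ticker` would keep the two consistent and guarantee the escaped value is a str. The same question applies to `exchange`, `sector` and `currency` in the @@ -608 hunk, whose assignments sit outside that hunk. The enclosing `with st.sidebar:` block starts before this hunk.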
{co_name}
+ ">{co_name_html} """, unsafe_allow_html=True) @@ -608,10 +611,10 @@ with st.sidebar: emp_str = f"{employees:,}" if isinstance(employees, int) else "—" rows = [ - ("Exchange", exchange), - ("Sector", sector), - ("Currency", currency), - ("Employees", emp_str), + ("Exchange", escape_html(exchange)), + ("Sector", escape_html(sector)), + ("Currency", escape_html(currency)), + ("Employees", escape_html(emp_str)), ] rows_html = "".join(f"""
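Review bot: Escaping is applied while `rows` is assembled rather than where `rows_html` is rendered, so any row added to the list later is interpolated into the `unsafe_allow_html=True` markdown unescaped by default; applying `escape_html` to both placeholders inside the `"".join(...)` comprehension that builds `rows_html`, and keeping `rows` as raw values, would make the safe path the default rather than a per-entry obligation. `escape_html(emp_str)` is harmless but redundant, since `emp_str` is either a formatted int or the literal "—". The template body of the join is not visible in this hunk, so the exact placeholder names are inferred; the enclosing `with st.sidebar:` block starts before it.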
@@ -628,11 +631,11 @@ with st.sidebar: ">{rows_html}
""", unsafe_allow_html=True) - website = info.get("website", "") + website = validate_outbound_url(info.get("website", "")) if website: st.markdown(f"""
-