From 48db4f58a4d07cce3faab99017548e1f6466b24b Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@libreserver.org>
Date: Fri, 9 Sep 2022 18:49:03 +0100
Subject: [PATCH] Forbit input within markup

---
 utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils.py b/utils.py
index cc5b8dbf0..ea2a32076 100644
--- a/utils.py
+++ b/utils.py
@@ -1110,7 +1110,7 @@ def dangerous_markup(content: str, allow_local_network_access: bool) -> bool:
         return True
     invalid_strings = [
         'script', 'noscript', 'pre',
-        'canvas', 'style', 'abbr',
+        'canvas', 'style', 'abbr', 'input',
         'frame', 'iframe', 'html', 'body',
         'hr', 'allow-popups', 'allow-scripts',
         'amp-'