fix: unsanitized output (#8316)

* fix: unsanitized output

* fix: add license to template

Author: engelke

appengine/standard_python3/cloud_debugger/main.py

@@ -16,7 +16,7 @@
 # [START gae_python3_app]
 import logging
 
-from flask import Flask, request
+from flask import Flask, render_template, request
 
 # Enable cloud debugger
 try:
@@ -67,12 +67,7 @@ def ReverseString():
 
     current = StringProcessor(s).Reverse()
     expected = s[::-1]
-    return '''
-        <table>
-            <tr><th>Program Output:</th><th>{}</th></tr>
-            <tr><th>Correct Output:</th><th>{}</th><tr>
-        </table>
-    '''.format(current, expected)
+    return render_template("index.html", current=current, expected=expected)
 
 
 @app.route('/')

appengine/standard_python3/cloud_debugger/templates/index.html

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<!--
+ Copyright 2022 Google LLC
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<html>
+    <head>
+        <title>Reverse a String</title>
+    </head>
+
+    <body>
+        <table>
+            <tr><th>Program Output:</th><th>{{ current }}</th></tr>
+            <tr><th>Correct Output:</th><th>{{ expected }}</th><tr>
+        </table>
+    </body>
+</html>