Merge pull request #45 from MozillaSecurity/hostname-escape

denschub · web-flow · commit df481a6d2592 · 2025-07-10T13:31:30.000+02:00
Use json.dumps instead of a naive format string to generate the report signature
diff --git a/src/webcompat/models.py b/src/webcompat/models.py
@@ -68,17 +68,13 @@ def load(cls, data: str) -> Report:
     def create_signature(self) -> Signature:
         """Create a default signature"""
         return Signature(
-            f"""
-            {{
-              "symptoms": [
-                {{
-                  "type": "url",
-                  "part": "hostname",
-                  "value": "{self.url.hostname}"
-                }}
-              ]
-            }}
-            """
+            json.dumps(
+                {
+                    "symptoms": [
+                        {"type": "url", "part": "hostname", "value": self.url.hostname}
+                    ]
+                }
+            )
         )
 
 
