api

Sleeping

App Files Files Community

lokesh341 commited on May 14, 2025

Commit

dd99f96

verified ·

1 Parent(s): 2606639

Update app.py

Browse files

Files changed (1) hide show

app.py +15 -7

app.py CHANGED Viewed

@@ -6,6 +6,7 @@ import base64
 import os
 import logging
 import traceback
 from datetime import datetime
 from fastapi.responses import HTMLResponse
 from simple_salesforce import Salesforce
@@ -238,7 +239,7 @@ async def get_dashboard():
             <head>
                 <title>Subcontractor Performance Score App</title>
                 <style>
-                    body { font-family: "Arial", sans-serif; margin: 20px; background-color: #f5f7fa; }
                     h1, h2 { color: #333; }
                     .container { max-width: 1200px; margin: 0 auto; }
                     .summary-cards { display: flex; gap: 20px; margin-bottom: 20px; }
@@ -311,10 +312,12 @@ async def get_dashboard():
             trend = "trend-up" if scores['finalScore'] >= 90 else "trend-down" if scores['finalScore'] < 70 else "trend-flat"
             status_class = "status-good" if not alert_flag else "status-alert"
             status_text = "Good" if not alert_flag else "Alert"
             html_content += f"""
                             <tr>
                                 <td>#{idx}</td>
-                                <td>{log['vendorLogName']}</td>
                                 <td>{scores['finalScore']}</td>
                                 <td class="{trend}">{"↗" if trend == "trend-up" else "↘" if trend == "trend-down" else "—"}</td>
                                 <td><span class="{status_class}">{status_text}</span></td>
@@ -334,9 +337,10 @@ async def get_dashboard():
         if alert_logs:
             for log in alert_logs[:3]:  # Show up to 3 alerts
                 scores = log['scores']
                 html_content += f"""
                         <div style="margin-bottom: 10px;">
-                            <span style="color: #ef6c00;">⚠️ {log['vendorLogName']}</span> - Overall: {scores['finalScore']}
                             <br>Quality: {scores['qualityScore']} | Timeliness: {scores['timelinessScore']}
                             <a href="#" style="margin-left: 10px; color: #1976d2;">Review</a>
                         </div>
@@ -356,9 +360,10 @@ async def get_dashboard():
         for log in top_performing_logs:
             scores = log['scores']
             html_content += f"""
                             <div style="flex: 1; min-width: 200px;">
-                                <p>{log['vendorLogName']}<br><small>Last updated: 5/1/2025</small></p>
                                 <span class="score-circle" style="background: #e0e0e0;">{scores['finalScore']}</span> Overall
                                 <span class="score-circle" style="background: #e0e0e0;">{scores['qualityScore']}</span> Quality
                                 <span class="score-circle" style="background: #e0e0e0;">{scores['timelinessScore']}</span> Time
@@ -385,8 +390,9 @@ async def get_dashboard():
         """
         for log in vendor_logs:
             html_content += f"""
-                                        <option>{log['vendorLogName']}</option>
             """
         html_content += """
@@ -412,9 +418,10 @@ async def get_dashboard():
         """
         for log in sorted_logs[:5]:  # Show recent 5 reports
             html_content += f"""
                                 <div style="margin-bottom: 10px;">
-                                    📄 {log['vendorLogName']} - Monthly Performance
                                     <span style="float: right;">
                                         <small>5/1/2025</small>
                                         <a href="#" style="margin-left: 10px;">⬇</a>
@@ -433,7 +440,8 @@ async def get_dashboard():
             </body>
         </html>
         """
-        return HTMLResponse(content=html_content)
     except Exception as e:
         # Log the full stack trace for better debugging
         error_trace = traceback.format_exc()

 import os
 import logging
 import traceback
+import html  # For escaping special characters
 from datetime import datetime
 from fastapi.responses import HTMLResponse
 from simple_salesforce import Salesforce
             <head>
                 <title>Subcontractor Performance Score App</title>
                 <style>
+                    body { font-family: Arial, sans-serif; margin: 20px; background-color: #f5f7fa; }
                     h1, h2 { color: #333; }
                     .container { max-width: 1200px; margin: 0 auto; }
                     .summary-cards { display: flex; gap: 20px; margin-bottom: 20px; }
             trend = "trend-up" if scores['finalScore'] >= 90 else "trend-down" if scores['finalScore'] < 70 else "trend-flat"
             status_class = "status-good" if not alert_flag else "status-alert"
             status_text = "Good" if not alert_flag else "Alert"
+            # Escape dynamic data to prevent HTML injection
+            vendor_name = html.escape(log['vendorLogName'])
             html_content += f"""
                             <tr>
                                 <td>#{idx}</td>
+                                <td>{vendor_name}</td>
                                 <td>{scores['finalScore']}</td>
                                 <td class="{trend}">{"↗" if trend == "trend-up" else "↘" if trend == "trend-down" else "—"}</td>
                                 <td><span class="{status_class}">{status_text}</span></td>
         if alert_logs:
             for log in alert_logs[:3]:  # Show up to 3 alerts
                 scores = log['scores']
+                vendor_name = html.escape(log['vendorLogName'])
                 html_content += f"""
                         <div style="margin-bottom: 10px;">
+                            <span style="color: #ef6c00;">⚠️ {vendor_name}</span> - Overall: {scores['finalScore']}
                             <br>Quality: {scores['qualityScore']} | Timeliness: {scores['timelinessScore']}
                             <a href="#" style="margin-left: 10px; color: #1976d2;">Review</a>
                         </div>
         for log in top_performing_logs:
             scores = log['scores']
+            vendor_name = html.escape(log['vendorLogName'])
             html_content += f"""
                             <div style="flex: 1; min-width: 200px;">
+                                <p>{vendor_name}<br><small>Last updated: 5/1/2025</small></p>
                                 <span class="score-circle" style="background: #e0e0e0;">{scores['finalScore']}</span> Overall
                                 <span class="score-circle" style="background: #e0e0e0;">{scores['qualityScore']}</span> Quality
                                 <span class="score-circle" style="background: #e0e0e0;">{scores['timelinessScore']}</span> Time
         """
         for log in vendor_logs:
+            vendor_name = html.escape(log['vendorLogName'])
             html_content += f"""
+                                        <option>{vendor_name}</option>
             """
         html_content += """
         """
         for log in sorted_logs[:5]:  # Show recent 5 reports
+            vendor_name = html.escape(log['vendorLogName'])
             html_content += f"""
                                 <div style="margin-bottom: 10px;">
+                                    📄 {vendor_name} - Monthly Performance
                                     <span style="float: right;">
                                         <small>5/1/2025</small>
                                         <a href="#" style="margin-left: 10px;">⬇</a>
             </body>
         </html>
         """
+        # Ensure the HTML content is properly encoded
+        return HTMLResponse(content=html_content.encode('utf-8'), media_type="text/html; charset=utf-8")
     except Exception as e:
         # Log the full stack trace for better debugging
         error_trace = traceback.format_exc()