From 6ab4b0e0285405d0c1d8d20825e16b840400335a Mon Sep 17 00:00:00 2001
From: izar
Date: Wed, 31 Mar 2021 11:42:55 -0400
Subject: [PATCH] Added HTML escaping to threat strings

---
 pytm/pytm.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pytm/pytm.py b/pytm/pytm.py
index 2e4cb28..aaae8ce 100644
--- a/pytm/pytm.py
+++ b/pytm/pytm.py
@@ -7,6 +7,8 @@
 import random
 import sys
 import uuid
+import html
+
 from collections import Counter, defaultdict
 from collections.abc import Iterable
 from enum import Enum
@@ -656,6 +658,9 @@ def _add_threats(self):
             threats_json = json.load(threat_file)
 
         for i in threats_json:
+            for k, v in i.items():
+                if isinstance(v, str) and k != "condition":
+                    i[k] = html.escape(i[k])
             TM._threats.append(Threat(**i))
 
     def resolve(self):
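Review bot: The escaping in the `_add_threats` loop is applied when the threat definitions are loaded, not when they are rendered, so every consumer of a `Threat` attribute now receives HTML-entity text; if any output path emits these strings as Markdown, plain text or JSON (the library appears to support more than one report format, though that is not visible here), `&`, `"` and `'` will show up as `&amp;`, `&quot;` and `&#x27;` there. Output encoding belongs at the HTML boundary, where the target context is known; if load-time escaping is kept deliberately, limit it to the keys that are actually interpolated into HTML and record that in a comment, e.g. `# escaped at load time: these fields are interpolated into HTML reports verbatim`. The `k != "condition"` exclusion also deserves a one-line reason (presumably the condition is evaluated as Python rather than displayed) — `# "condition" is evaluated, not displayed; never escape it` — and since `v` already holds the value, `i[k] = html.escape(v)` avoids the redundant lookup. Note that the `isinstance(v, str)` guard skips list- or dict-valued fields, so any free text nested in those would bypass the escape entirely. The `with` statement that opens `_add_threats` and the body of `resolve` lie outside the hunk.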