security(polymarket-browse): use proper URL encoding for --search parameter

- Import quote from urllib.parse
- Replace q.replace(' ', '%20') with quote(q, safe='')
- Properly encodes: &, =, %, +, #, ?, and other special chars
- Prevents injection of extra query parameters via the search term
shoko
2026-03-26 19:11:59 +00:00
parent dfad8d3072
commit bb7eebf502


@@ -13,7 +13,7 @@ import os
from concurrent.futures import ThreadPoolExecutor, as_completed from concurrent.futures import ThreadPoolExecutor, as_completed
from datetime import datetime, timezone, timedelta from datetime import datetime, timezone, timedelta
from typing import Any, Callable, TypedDict from typing import Any, Callable, TypedDict
from urllib.parse import urlencode from urllib.parse import urlencode, quote
from urllib.request import urlopen, Request from urllib.request import urlopen, Request
@@ -166,7 +166,7 @@ def fetch_page(
) -> dict[str, Any] | None: ) -> dict[str, Any] | None:
base = "https://gamma-api.polymarket.com/public-search" base = "https://gamma-api.polymarket.com/public-search"
url = ( url = (
f"{base}?q={q.replace(' ', '%20')}&limit={PAGE_SIZE}&page={page}" f"{base}?q={quote(q, safe='')}&limit={PAGE_SIZE}&page={page}"
f"&search_profiles=false&search_tags=false" f"&search_profiles=false&search_tags=false"
f"&keep_closed_markets=0&events_status=active&cache=false" f"&keep_closed_markets=0&events_status=active&cache=false"
) )
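Review bot: In the `url = (...)` f-string of `fetch_page`, only `q` is percent-encoded; `PAGE_SIZE` and `page` are still interpolated raw and the query string is still assembled by hand, so any later parameter that carries caller input can reintroduce the same parameter-injection problem. `urlencode` is already imported in this file, so building the query from a dict would encode every value in one place. Passing `quote_via=quote` keeps spaces as `%20`, as this commit does, rather than the `+` that `urlencode` emits by default. The signature of `fetch_page` and the rest of its body are outside the hunk, so this assumes `page` is an integer and that nothing later depends on the exact parameter text.

```python
base = "https://gamma-api.polymarket.com/public-search"
params = {
    "q": q,
    "limit": PAGE_SIZE,
    "page": page,
    "search_profiles": "false",
    "search_tags": "false",
    "keep_closed_markets": 0,
    "events_status": "active",
    "cache": "false",
}
# quote_via=quote: percent-encode every value, spaces as %20 rather than '+'
url = f"{base}?{urlencode(params, quote_via=quote)}"
# … unchanged: request and response handling …
```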