security(polymarket-browse): use proper URL encoding for --search parameter

- Import quote from urllib.parse
- Replace q.replace(' ', '%20') with quote(q, safe='')
- Properly encodes: &, =, %, +, #, ?, and other special chars
- Prevents URL injection attacks
shoko
2026-03-26 19:11:59 +00:00
parent dfad8d3072
commit bb7eebf502


@@ -13,7 +13,7 @@ import os
from concurrent.futures import ThreadPoolExecutor, as_completed
from datetime import datetime, timezone, timedelta
from typing import Any, Callable, TypedDict
from urllib.parse import urlencode
from urllib.parse import urlencode, quote
from urllib.request import urlopen, Request
@@ -166,7 +166,7 @@ def fetch_page(
) -> dict[str, Any] | None:
base = "https://gamma-api.polymarket.com/public-search"
url = (
f"{base}?q={q.replace(' ', '%20')}&limit={PAGE_SIZE}&page={page}"
f"{base}?q={quote(q, safe='')}&limit={PAGE_SIZE}&page={page}"
f"&search_profiles=false&search_tags=false"
f"&keep_closed_markets=0&events_status=active&cache=false"
)
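Review bot: The URL in fetch_page is still assembled by hand in the f-string, so only `q` is encoded while `PAGE_SIZE` and `page` are interpolated as-is, and any parameter added later has to remember to call `quote` itself. `urlencode` is already imported in this file, so building the query from a dict with `urlencode(params, quote_via=quote)` would encode every key and value in one place and keep spaces as `%20` (the default `quote_plus` would emit `+` instead, which is a behaviour change to confirm against the API). A small regression test with a constructed search term such as `a&limit=1`, asserting that it arrives as a single `q` value, would pin the fix. The body of fetch_page starts above this hunk and continues below it.

```python
    base = "https://gamma-api.polymarket.com/public-search"
    params = {
        "q": q,
        "limit": PAGE_SIZE,
        "page": page,
        "search_profiles": "false",
        "search_tags": "false",
        "keep_closed_markets": 0,
        "events_status": "active",
        "cache": "false",
    }
    # quote_via=quote keeps spaces as %20; urlencode's default safe='' also encodes '/'
    url = f"{base}?{urlencode(params, quote_via=quote)}"
```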