slightly improved accesibility

modules/Render.py

@@ -41,7 +41,7 @@ def headers(server, code):
     server.send_header("Content-type", guess_type(server.path))
 
     if not server.cookie:
-        cookie = RandString()
+        cookie = RandString(200)
         KnownCookies.append(cookie)
         server.send_header("Set-Cookie", "temp_id="+cookie)
         
@@ -355,10 +355,10 @@ def MainPage(server):
 
     <form action="/search">
         
-    <input name="text" class="button" placeholder="Search..." >
+    <input name="text" class="button" title="Search text" placeholder="Search..." >
     
-    <button class="button" type="submit">    
-    <img style="vertical-align: middle" src="/icon/search">
+    <button title="Start the search" class="button" type="submit">    
+    <img alt="[icon search]" style="vertical-align: middle" src="/icon/search">
     Search
     </button>
 
@@ -551,8 +551,11 @@ def ArticlePage(server, url):
     referrers = Articles.get(article, {}).get("views", {}).get("referrers", {})
     if referrers:
         for referrer in referrers:
-            html = html + referrer + " : 👁 "+str(referrers[referrer]) + "<br>\n"
+            # Filtering out probably bad links.
+            if "https://" in referrer and ".onion" not in referrer:
+                html = html + Safe(referrer) + " : 👁 "+str(referrers[referrer]) + "<br>\n"
 
+            
     html = html + """
     </details>
     """
@@ -583,7 +586,7 @@ def ArticlePage(server, url):
     # RSS
 
     rsslink = "https://"+config.get("domain", "")+"/rss"
-    authorrsslink = rsslink+"?author="+Articles.get(article, {}).get("author","")
+    authorrsslink = rsslink+"?author="+Safe(Articles.get(article, {}).get("author",""))
     
     html = html + """
     
@@ -1294,10 +1297,10 @@ def Button(text, link, icon="", image=""):
     <a class="button" href=\""""+link+"""">"""
     if icon:
         html = html + """
-        <img src="/icon/"""+icon+"""" style="vertical-align: middle">"""
+        <img alt="[icon """+icon+"""]" src="/icon/"""+icon+"""" style="vertical-align: middle">"""
     if image:
         html = html + """
-        <img src=\""""+image+"""" style="height:40px;vertical-align: middle">"""
+        <img alt="[icon """+icon+"""]" src=\""""+image+"""" style="height:40px;vertical-align: middle">"""
         
     html = html + """
     """+text+"""</a>
@@ -1319,11 +1322,11 @@ def ArticlePreview(article, Tabs, cookie=""):
         sup = '<center><sup><b> &nbsp; Unread &nbsp; </b></sup></center><br>'
     
     html = html + '<a href="'+url+'"><h1>'
-    html = html + '<img src="/icon/'+Tabs.get(tab, {}).get("icon", "folder")+'" style="vertical-align: middle">'
+    html = html + '<img  alt="[icon '+tab+']" src="/icon/'+Tabs.get(tab, {}).get("icon", "folder")+'" style="vertical-align: middle">'
     html = html + article.get("title", "")+"</h1></a>"+sup+"\n"
 
     if "thumbnail" in article:
-        html = html + '<center><a href="'+url+'"><img src="'+article["thumbnail"]+'"></a></center>'
+        html = html + '<center><a href="'+url+'"><img alt="[thumbnail]" src="'+article["thumbnail"]+'"></a></center>'
 
     author = article.get("author", "")
     if author:
@@ -1371,9 +1374,9 @@ def User(username, stretch=False):
     username = Safe(username)
     title = Safe(account.get("title", username))
     if account:
-        html = '<img style="height:50px;vertical-align: middle" src="'+avatar+'">&nbsp;&nbsp;<a href="/account/'+username+'">'+title+'</a></center>\n'
+        html = '<img alt="[avatar]" style="height:50px;vertical-align: middle" src="'+avatar+'">&nbsp;&nbsp;<a href="/account/'+username+'">'+title+'</a></center>\n'
     else:
-        html = '<img style="height:50px;vertical-align: middle" src="'+avatar+'">&nbsp;&nbsp;'+title+'</center>\n'
+        html = '<img alt="[avatar]" style="height:50px;vertical-align: middle" src="'+avatar+'">&nbsp;&nbsp;'+title+'</center>\n'
 
     return html
 
@@ -1483,8 +1486,9 @@ def Graph(server, url):
 
             if "referrers" not in article["views"]:
                 article["views"]["referrers"] = {}
-                if referrer and referrer not in article["views"]["referrers"]:
-                    article["views"]["referrers"][referrer] = 0
+                
+            if referrer and referrer not in article["views"]["referrers"]:
+                article["views"]["referrers"][referrer] = 0
 
             if referrer:
                 article["views"]["referrers"][referrer] += 1
@@ -1650,7 +1654,7 @@ def LoginButton(server):
 
     if not user:
         html = html + '<a class="button" href="/login">'
-        html = html + '<img style="vertical-align: middle" src="/icon/unlock"> Login'
+        html = html + '<img alt="[icon user]" style="vertical-align: middle" src="/icon/unlock"> Login'
         html = html + '</a>'
 
     else:
@@ -1663,7 +1667,7 @@ def LoginButton(server):
         html = html + '<a class="button" href="/settings">'
         avatar = Safe(user.get("avatar", ""))
         if not avatar: avatar = "/pictures/monkey.png"
-        html = html + '<img style="height:40px;vertical-align: middle" src="'+avatar+'"> '
+        html = html + '<img alt="[avatar]" style="height:40px;vertical-align: middle" src="'+avatar+'"> '
         html = html + user.get("title", user.get("username", "Anonymous"))
         html = html + sup
         html = html + '</a>'

modules/Run.py

@@ -64,7 +64,7 @@ class handler(BaseHTTPRequestHandler):
 
         self.cookie = self.headers.get("Cookie")
         self.newview = False
-        if self.cookie: self.cookie = self.cookie[-50:]
+        if self.cookie: self.cookie = self.cookie[-200:]
 
         # Failing early to make sure that nobody will
         # try attacking this part of the server.
@@ -122,7 +122,7 @@ class handler(BaseHTTPRequestHandler):
         self.parsed = urllib.parse.parse_qs(parsed_url.query)
         
         self.cookie = self.headers.get("Cookie")
-        if self.cookie: self.cookie = self.cookie[-50:]
+        if self.cookie: self.cookie = self.cookie[-200:]
 
         # ignore = ["/rss"]
         

modules/markdown.py

@@ -481,7 +481,7 @@ def convert(filename, isfile=True):
     
             else:
                 i[-1] = i[-1].replace("lbry://", "https://spee.ch/")
-                textReturn = textReturn + '\n<center><img src="'+i[-1]+'"></center>'
+                textReturn = textReturn + '\n<center><img title="'+i[1].replace('"', "&quot;")+'" alt="[embedded image]" src="'+i[-1]+'"></center>'
             
 
         elif i[0] == "link":