[Security] Fix CodeQL alert #41: Reflected server-side cross-site scripting #59

Open

devin-ai-integration[bot] wants to merge 1 commit into main from security/codeql-41-reflected-xss-ssrf
Conversation

@devin-ai-integration

Summary

Fixes reflected server-side cross-site scripting in the /fetch endpoint of vulnerable_ssrf.py (CodeQL alert #41, CWE-079).

The fetch_url() function returns response.text directly to the client. If the fetched URL serves HTML/JS content, it is reflected verbatim — enabling XSS via a crafted URL parameter.

Fix: Escape the response text using markupsafe.escape() before returning it.

Scope: This PR only addresses the reflected XSS on line 13. The underlying SSRF vulnerability (user-controlled URL) and other unescaped return values in this file are tracked under separate alerts.

Review & Testing Checklist for Human

  • Verify that markupsafe is importable in the runtime — it's a transitive dependency of Flask/Jinja2 but is not explicitly declared in Pipfile
  • Test that fetching a URL returning <script>alert(1)</script> results in escaped HTML entities in the response, not executable JS
  • Consider whether str(escape(response.text)) should just be escape(response.text) — the outer str() strips the Markup type but doesn't change the escaped content; Flask accepts both

Notes

  • Only the /fetch endpoint is patched. Other endpoints in the same file (/proxy, /image, /metadata) also return unescaped content and are tracked as separate CodeQL alerts.
  • The SSRF issue (arbitrary URL fetching) is out of scope for this PR.

Link to Devin session: https://app.devin.ai/sessions/b1e0e08d72aa4bb7a4c7b4d5f86ba798
Requested by: @colin-d-fried
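Added example (not part of this PR's diff or the project's code): the verbatim reflection described above beside the markupsafe.escape() fix, exercised on a constructed response body instead of a real fetch. It assumes markupsafe is importable (see the checklist) and falls back to the stdlib html.escape otherwise; the wrapper comparison covers the str(escape(...)) vs escape(...) question.

```python
# Added example, not the project's code. Models the /fetch handler's
# return value before and after the fix without performing any HTTP request.
try:
    from markupsafe import escape  # the fix uses markupsafe.escape()
except ImportError:  # assumption: markupsafe absent, mimic it with the stdlib
    import html

    def escape(s):
        return html.escape(str(s), quote=True)

# Constructed sample body: what a fetched URL could plausibly return.
SAMPLE_BODY = "<script>alert(1)</script><p>hello & goodbye</p>"


def fetch_url_unsafe(body: str) -> str:
    """Before the fix: the fetched body is reflected verbatim (CWE-79)."""
    return body


def fetch_url_escaped(body: str) -> str:
    """After the fix: HTML metacharacters become entities before reflection.

    str() strips the Markup type (if markupsafe is present) but leaves the
    escaped text unchanged, matching the PR's str(escape(response.text)).
    """
    return str(escape(body))


def contains_raw_tags(s: str) -> bool:
    """Crude check used in testing: any raw '<' or '>' left in the output?"""
    return "<" in s or ">" in s


def escape_wrappers_agree(body: str) -> bool:
    """True when escape(body) and str(escape(body)) carry the same content."""
    return escape(body) == str(escape(body))


if __name__ == "__main__":
    print("unsafe :", fetch_url_unsafe(SAMPLE_BODY))
    print("escaped:", fetch_url_escaped(SAMPLE_BODY))
    print("wrappers agree:", escape_wrappers_agree(SAMPLE_BODY))
```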

…pting

Co-Authored-By: cfried123 <cfried123@yahoo.com>
@devin-ai-integration (Author)

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring
