diff --git a/app.py b/app.py index 2e41b57..ecc81fe 100644 --- a/app.py +++ b/app.py @@ -59,7 +59,8 @@ def index(): @app.route("/", methods=["GET"]) def file(filename): """Convert a md file into HTML and return it""" - if not filename.endswith(".md") or "/" in filename: + allowed_files = ["README.md", "pull-request.md"] + if filename not in allowed_files: abort(404) with open(filename) as f: md = f.read()