2 files changed, 8 insertions, 6 deletions

diff --git a/backend/routes/forms/unittesting.py b/backend/routes/forms/unittesting.py
index 175701f..b12cff2 100644
--- a/backend/routes/forms/unittesting.py
+++ b/backend/routes/forms/unittesting.py
@@ -1,3 +1,4 @@
+import base64
 from collections import namedtuple
 from itertools import count
 from textwrap import indent
@@ -45,10 +46,9 @@ def _make_unit_code(units: dict[str, str]) -> str:
 
 
 def _make_user_code(code: str) -> str:
-    """Compose the user code into an actual string variable."""
-    # Make sure that we we escape triple quotes in the user code
-    code = code.replace('"""', '\\"""')
-    return f'USER_CODE = r"""{code}"""'
+    """Compose the user code into an actual base64-encoded string variable."""
+    code = base64.b64encode(code.encode("utf8")).decode("utf8")
+    return f'USER_CODE = b"{code}"'
 
 
 async def _post_eval(code: str) -> dict[str, str]:
diff --git a/resources/unittest_template.py b/resources/unittest_template.py
index 38e3be8..2410278 100644
--- a/resources/unittest_template.py
+++ b/resources/unittest_template.py
@@ -1,6 +1,7 @@
 # flake8: noqa
 """This template is used inside snekbox to evaluate and test user code."""
 import ast
+import base64
 import io
 import os
 import sys
@@ -36,14 +37,15 @@ def _exit_sandbox(code: int) -> NoReturn:
 
 def _load_user_module() -> ModuleType:
     """Load the user code into a new module and return it."""
+    code = base64.b64decode(USER_CODE).decode("utf8")
     try:
-        ast.parse(USER_CODE, "<input>")
+        ast.parse(code, "<input>")
     except SyntaxError:
         RESULT.write("".join(traceback.format_exception(*sys.exc_info(), limit=0)))
         _exit_sandbox(5)
 
     _module = ModuleType("module")
-    exec(USER_CODE, _module.__dict__)
+    exec(code, _module.__dict__)
 
     return _module