From 0ab7d48622a7d199e47145e4d687a699474c55ec Mon Sep 17 00:00:00 2001
From: s3lph
Date: Fri, 20 Jul 2018 13:57:23 +0200
Subject: [PATCH 1/5] Enabled jinja2 escaping by default.
---
 matemat/webserver/httpd.py | 3 ++-
 templates/base.html | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/matemat/webserver/httpd.py b/matemat/webserver/httpd.py
index e2bde4f..cd4f823 100644
--- a/matemat/webserver/httpd.py
+++ b/matemat/webserver/httpd.py
@@ -116,7 +116,8 @@ class MatematHTTPServer(HTTPServer):
 self.pagelet_variables = pagelet_variables
 # Set up the Jinja2 environment
 self.jinja_env: jinja2.Environment = jinja2.Environment(
- loader=jinja2.FileSystemLoader(os.path.abspath(templateroot))
+ loader=jinja2.FileSystemLoader(os.path.abspath(templateroot)),
+ autoescape=jinja2.select_autoescape(default=True)
 )
 # Set up logger
 self.logger: logging.Logger = logging.getLogger('matemat.webserver')
diff --git a/templates/base.html b/templates/base.html
index ea2432a..8a48454 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -2,7 +2,7 @@
 {% block head %}
- {{ setupname }}
+ {{ setupname|safe }}
 {% endblock %}
@@ -28,7 +28,7 @@
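Review bot: In matemat/webserver/httpd.py, the new `autoescape=jinja2.select_autoescape(default=True)` argument turns escaping on for every template name, but nothing beside it records that `|safe` and `Markup` values are now the only ways around it, so a later template edit can quietly reopen an injection path. A comment above the argument would record this, for example `# Escape all templates by default; |safe / Markup are the only opt-outs and must only wrap trusted values`. HTML autoescaping also does not make a value safe inside a `<script>` block, an inline event handler or an unquoted attribute, so any template that places variables there still needs context-specific encoding. The constructor this hunk sits in starts and ends outside the hunk.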
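Review bot: In the first templates/base.html hunk, `{{ setupname|safe }}` switches escaping back off for this variable in the same commit that enables it, so this output is only as safe as the source of `setupname`. The hunk does not show where the value comes from. If it is operator-set configuration (it appears to arrive through `pagelet_variables`, but that is inferred), a template comment such as `{# setupname is trusted operator config and is rendered unescaped on purpose #}` would record the decision. If the value can ever be changed through the web interface, the filter should be dropped so it is escaped like every other variable. The markup around the expression is not visible in this view, so the exact HTML context cannot be confirmed.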