Enabled jinja2 escaping by default.

s3lph 2018-07-20 13:57:23 +02:00
parent 63aef74e10
commit 0ab7d48622
2 changed files with 4 additions and 3 deletions


@ -116,7 +116,8 @@ class MatematHTTPServer(HTTPServer):
self.pagelet_variables = pagelet_variables
# Set up the Jinja2 environment
self.jinja_env: jinja2.Environment = jinja2.Environment(
loader=jinja2.FileSystemLoader(os.path.abspath(templateroot))
loader=jinja2.FileSystemLoader(os.path.abspath(templateroot)),
autoescape=jinja2.select_autoescape(default=True)
)
# Set up logger
self.logger: logging.Logger = logging.getLogger('matemat.webserver')
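Review bot: `jinja2.select_autoescape(default=True)` is called without any extension lists, so on the new `autoescape=` line it evaluates to true for every template name and for string templates, which is the same as `autoescape=True`. Either write `autoescape=True`, or keep the selector and add a comment such as `# Escape all templates; raw HTML must opt out explicitly with |safe` so the intent is clear to the next reader. Autoescaping only encodes for HTML text and quoted attribute values, so any value the templates place inside `<script>` or a URL attribute still needs context-specific handling. The enclosing method starts and ends outside the hunk.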


@ -2,7 +2,7 @@
<html>
<head>
{% block head %}
<title>{{ setupname }}</title>
<title>{{ setupname|safe }}</title>
<link rel="stylesheet" href="/css/matemat.css" />
{% endblock %}
</head>
@ -28,7 +28,7 @@
<footer>
{% block footer %}
<ul>
<li> {{ setupname }}
<li> {{ setupname|safe }}
<li> Matemat {{__version__}}
<li> &copy; 2018 s3lph
<li> MIT License
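Review bot: Both `{{ setupname|safe }}` changes (the `<title>` in the first hunk and the footer `<li>` in the second) turn escaping back off for this value, so any markup in `setupname` is emitted verbatim even though the commit enables autoescaping. Where `setupname` comes from is not visible in this diff; if it is operator configuration that is meant to carry HTML, that should be stated in a template comment, and otherwise plain `{{ setupname }}` is the safer form. Inside `<title>` markup is never rendered, so `|safe` gives no benefit there and only allows a value to close the element early; `<title>{{ setupname }}</title>` is preferable. If raw HTML is wanted in the footer, wrapping the value in `markupsafe.Markup` where the configuration is loaded keeps the trust decision in one place instead of in each template.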