
Set autoescape=True to resolve Bandit B701 error

From Bandit's read the docs:
Jinja2 is a Python HTML templating system. It is typically used to build web
applications, though appears in other places as well, notably the Ansible
automation system. When configuring the Jinja2 environment, the option to use
autoescaping on input can be specified. When autoescaping is enabled, Jinja2
will filter input strings to escape any HTML content submitted via template
variables. Without escaping HTML input the application becomes vulnerable to
Cross Site Scripting (XSS) attacks.

Change-Id: I95481c1e863ee144611f85d63274b4514d99a926
Alexander Hughes 2 weeks ago
parent commit fab8844461
1 changed file with 1 addition and 1 deletion: spyglass/site_processors/site_processor.py

@@ -48,7 +48,7 @@ class SiteProcessor(BaseProcessor):
48 48
         for dirpath, dirs, files in os.walk(template_dir_abspath):
49 49
             for filename in files:
50 50
                 j2_env = Environment(
51
-                    autoescape=False,
51
+                    autoescape=True,
52 52
                     loader=FileSystemLoader(dirpath),
53 53
                     trim_blocks=True)
54 54
                 j2_env.filters[
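Review bot: switching to `autoescape=True` applies HTML escaping to every file that `os.walk` finds under `template_dir_abspath`, and nothing in this hunk restricts those files to HTML; for any non-HTML template the change will turn `&`, `<`, `>`, `"` and `'` in substituted variables into HTML entities and silently alter the rendered output. Consider keying the setting on the template name, e.g. `autoescape=select_autoescape(['html', 'htm', 'xml'], default=False)`, or, if these templates never produce HTML, keeping `autoescape=False,  # nosec` with a comment stating why, rather than changing rendering behaviour only to satisfy the linter. A short comment next to the `Environment(` call documenting the chosen escaping policy would also help the next reader.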
