Merge "Do not autoescape all Jinja2 templates"
This commit is contained in:
commit
45d9390187
|
@ -472,7 +472,12 @@ def render_template(template, params, is_file=True):
|
||||||
else:
|
else:
|
||||||
tmpl_name = 'template'
|
tmpl_name = 'template'
|
||||||
loader = jinja2.DictLoader({tmpl_name: template})
|
loader = jinja2.DictLoader({tmpl_name: template})
|
||||||
env = jinja2.Environment(loader=loader, autoescape=True)
|
# NOTE(pas-ha) bandit does not seem to cope with such syntaxis
|
||||||
|
# and still complains with B701 for that line
|
||||||
|
# NOTE(pas-ha) not using default_for_string=False as we set the name
|
||||||
|
# of the template above for strings too.
|
||||||
|
env = jinja2.Environment(loader=loader, # nosec B701
|
||||||
|
autoescape=jinja2.select_autoescape())
|
||||||
tmpl = env.get_template(tmpl_name)
|
tmpl = env.get_template(tmpl_name)
|
||||||
return tmpl.render(params, enumerate=enumerate)
|
return tmpl.render(params, enumerate=enumerate)
|
||||||
|
|
||||||
|
|
|
@ -535,6 +535,15 @@ class JinjaTemplatingTestCase(base.TestCase):
|
||||||
self.params,
|
self.params,
|
||||||
is_file=False))
|
is_file=False))
|
||||||
|
|
||||||
|
def test_render_with_quotes(self):
|
||||||
|
"""test jinja2 autoescaping for everything is disabled """
|
||||||
|
self.expected = '"spam" ham'
|
||||||
|
self.params = {'foo': '"spam"', 'bar': 'ham'}
|
||||||
|
self.assertEqual(self.expected,
|
||||||
|
utils.render_template(self.template,
|
||||||
|
self.params,
|
||||||
|
is_file=False))
|
||||||
|
|
||||||
@mock.patch('ironic.common.utils.jinja2.FileSystemLoader', autospec=True)
|
@mock.patch('ironic.common.utils.jinja2.FileSystemLoader', autospec=True)
|
||||||
def test_render_file(self, jinja_fsl_mock):
|
def test_render_file(self, jinja_fsl_mock):
|
||||||
path = '/path/to/template.j2'
|
path = '/path/to/template.j2'
|
||||||
|
|
Loading…
Reference in New Issue