Add jinja2 autoescape=True

For avoiding XSS vulnerabilities, bandit suggests to set autoescape=True. After this change the bandit issues no longer appears. Change-Id: Ic47dadef49b4504b3bcfbdc63ea85c937aabf334 Closes-Bug: #1663417
author: Trevor McCasland <TM2086@att.com> 2017-04-06 09:03:10 -0500
committer: Trevor McCasland <TM2086@att.com> 2017-04-06 14:48:29 +0000
commit: a173923ed534b114ad6c09af7ba2c72921200a3b (patch)
tree: 11a3e0cfa271a865e62806acefe9628af266f3ce /trove/common/utils.py
parent: 03091f1c58908f48ad3baee8e34ccff66eb293ba (diff)
download: trove-a173923ed534b114ad6c09af7ba2c72921200a3b.tar.gz
1 files changed, 6 insertions, 4 deletions
diff --git a/trove/common/utils.py b/trove/common/utils.py
index d846b97b..90139870 100644
--- a/trove/common/utils.py
+++ b/trove/common/utils.py
@@ -50,10 +50,12 @@ isotime = timeutils.isotime
 
 
 def build_jinja_environment():
-    env = jinja2.Environment(loader=jinja2.ChoiceLoader([
-        jinja2.FileSystemLoader(CONF.template_path),
-        jinja2.PackageLoader("trove", "templates")
-    ]))
+    env = jinja2.Environment(
+        autoescape=True,
+        loader=jinja2.ChoiceLoader([
+            jinja2.FileSystemLoader(CONF.template_path),
+            jinja2.PackageLoader("trove", "templates")
+        ]))
     # Add some basic operation not built-in.
     env.globals['max'] = max
     env.globals['min'] = min
author	Trevor McCasland <TM2086@att.com>	2017-04-06 09:03:10 -0500
committer	Trevor McCasland <TM2086@att.com>	2017-04-06 14:48:29 +0000
commit	a173923ed534b114ad6c09af7ba2c72921200a3b (patch)
tree	11a3e0cfa271a865e62806acefe9628af266f3ce /trove/common/utils.py
parent	03091f1c58908f48ad3baee8e34ccff66eb293ba (diff)
download	trove-a173923ed534b114ad6c09af7ba2c72921200a3b.tar.gz