author | Trevor McCasland <TM2086@att.com> | 2017-04-06 09:03:10 -0500 |
---|---|---|
committer | Trevor McCasland <TM2086@att.com> | 2017-04-06 14:48:29 +0000 |
commit | a173923ed534b114ad6c09af7ba2c72921200a3b (patch) | |
tree | 11a3e0cfa271a865e62806acefe9628af266f3ce /trove/common/utils.py | |
parent | 03091f1c58908f48ad3baee8e34ccff66eb293ba (diff) | |
download | trove-a173923ed534b114ad6c09af7ba2c72921200a3b.tar.gz |
Add jinja2 autoescape=True
To avoid XSS vulnerabilities, bandit suggests setting
autoescape=True.
After this change the bandit issue no longer appears.
Change-Id: Ic47dadef49b4504b3bcfbdc63ea85c937aabf334
Closes-Bug: #1663417
Diffstat (limited to 'trove/common/utils.py')
-rw-r--r-- | trove/common/utils.py | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/trove/common/utils.py b/trove/common/utils.py
index d846b97b..90139870 100644
--- a/trove/common/utils.py
+++ b/trove/common/utils.py
@@ -50,10 +50,12 @@ isotime = timeutils.isotime
 def build_jinja_environment():
- env = jinja2.Environment(loader=jinja2.ChoiceLoader([
- jinja2.FileSystemLoader(CONF.template_path),
- jinja2.PackageLoader("trove", "templates")
- ]))
+ env = jinja2.Environment(
+ autoescape=True,
+ loader=jinja2.ChoiceLoader([
+ jinja2.FileSystemLoader(CONF.template_path),
+ jinja2.PackageLoader("trove", "templates")
+ ]))
 # Add some basic operation not built-in.
 env.globals['max'] = max
 env.globals['min'] = min |
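Review bot: `autoescape=True` in `build_jinja_environment()` applies HTML escaping to every template this environment renders, whatever the output format is. The page does not show the templates under `CONF.template_path` or the `trove` package `templates` directory, but if any of them produce non-HTML text (configuration files, for instance), values containing `&`, `<`, `>` or quotes would be emitted as HTML entities and silently corrupt the output. Consider scoping the setting to markup templates, e.g. `autoescape=jinja2.select_autoescape(['html', 'xml'])` where the Jinja2 version in use provides it, and check that bandit still passes with that form. A short comment above the call, such as `# Escaping is HTML-oriented; non-HTML templates must mark trusted values with |safe`, would record the constraint for template authors. The function body continues past the end of the hunk.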