possible typo #3

Merged
merged 1 commit into from Jan 13, 2020
Conversation

@daghan (Contributor)

daghan commented Jan 2, 2020

Hi there,

We have a free program analysis tool for Python based web projects, called Bento. While we were scanning GitHub projects for issues, your project triggered a warning for unescaped Jinja templates.

In app/views/post.py:63, you're calling render_template() with a template file that doesn't end with a .html, .htm, .xml, or .xhtml extension. Jinja only auto-escapes files with those extensions, so I first thought this could lead to a security issue. But looking more carefully, I realized that this is probably a simple typo, hence the PR.

Bento flagged a few other issues including the usage of "bare except" but I left those alone. If you are curious, feel free to download and give Bento a try (https://bento.dev).
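The extension rule the comment describes is worth seeing concretely, because it is the difference between a `<script>` tag in user content being rendered as text and being executed. The example below is added here and is not code from this project or from Bento: it mirrors Flask's filename-based autoescape decision for the four extensions the comment lists, shows what a toy renderer does to the same value under an escaping and a non-escaping template name, and implements a small `ast`-based check, in the spirit of the Bento warning, that flags `render_template()` calls whose literal template name would not be autoescaped. The sample view source, the `post.tmpl` name and the function names are all constructed for the example; they are not the project's actual file or typo.

```python
import ast
import html

# Extensions for which Flask enables Jinja autoescaping, as stated in the
# PR comment (newer Flask releases add .svg to this list).
AUTOESCAPE_EXTENSIONS = (".html", ".htm", ".xml", ".xhtml")


def autoescape_enabled(template_name: str) -> bool:
    """Mirror Flask's filename-based autoescape decision (case-sensitive,
    like Flask's own endswith() check)."""
    return template_name.endswith(AUTOESCAPE_EXTENSIONS)


def render_variable(template_name: str, value: str) -> str:
    """Toy stand-in for a template whose body is just {{ value }}.

    This is not Jinja; it only reproduces the consequence of the extension
    rule: the value is HTML-escaped when autoescaping is on, emitted raw
    when it is off.
    """
    if autoescape_enabled(template_name):
        return html.escape(value, quote=True)
    return value


def find_unescaped_render_calls(source: str, filename: str = "<string>"):
    """Return (lineno, template_name) for every render_template() call whose
    first argument is a string literal that Flask would not autoescape.

    Non-literal template names are skipped: they need manual review.
    """
    findings = []
    tree = ast.parse(source, filename=filename)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        # Handle both render_template(...) and flask.render_template(...).
        name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if name != "render_template":
            continue
        first = node.args[0]
        if isinstance(first, ast.Constant) and isinstance(first.value, str):
            if not autoescape_enabled(first.value):
                findings.append((node.lineno, first.value))
    return findings


# Constructed sample view module for the check to run over; it is not the
# project's app/views/post.py.
SAMPLE_VIEW_SOURCE = '''
from flask import render_template

def index():
    return render_template("index.html", posts=[])

def show_post(post):
    # Constructed typo: a template name with no autoescaping extension.
    return render_template("post.tmpl", post=post)
'''


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"
    for name in ("post.html", "post.tmpl"):
        print(f"{name}: autoescape={autoescape_enabled(name)} -> {render_variable(name, payload)}")
    for lineno, template in find_unescaped_render_calls(SAMPLE_VIEW_SOURCE, "views.py"):
        print(f"views.py:{lineno}: render_template({template!r}) is not autoescaped")
```

The check only looks at literal template names; a call such as `render_template(name)` with a variable needs a human to trace where the name comes from. Renaming the template to an autoescaped extension is the fix the PR applies; the alternative, marking user-controlled values safe by hand, is far easier to get wrong.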

@Depado Depado merged commit 70e4bdf into Depado:master Jan 13, 2020
@Depado (Owner)
Depado commented Jan 13, 2020

Hey!
Thanks for the PR. This project is no longer maintained though.
