The Jinja2 autoescape check doesn't work with the new suggested way of escaping as described here:
http://jinja.pocoo.org/docs/2.9/api/
An example of a safe way to escape is selectively for html and xss:
    from jinja2 import Environment, PackageLoader, select_autoescape

    env = Environment(
        loader=PackageLoader('yourapplication', 'templates'),
        autoescape=select_autoescape(['html', 'xml'])
    )
We should update the Bandit plugin to not flag people following the Jinja directions.
@ericwb Why is this issue closed? I ran into the same kind of issue…
@andi1984 This issue was a result of a bad script to migrate bugs from Launchpad to GitHub. It was already fixed in the OpenStack git repo.
See:
https://bugs.launchpad.net/bandit/+bug/1684249
https://review.openstack.org/#/c/488939/
Also here: 8f1b50b
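The behaviour this issue asks for, sketched as an added example (not Bandit's plugin code and not taken from the linked fix): a static check over `Environment(...)` calls that accepts `autoescape=True` and `autoescape=select_autoescape(...)` and reports everything else. The function names, messages and `SAMPLE` source are constructed for illustration.

```python
import ast

NOT_SET = "autoescape not set (Jinja2 defaults to False)"
NOT_SAFE = "autoescape is neither True nor select_autoescape(...)"


def _call_name(func):
    """Name of the callee for both `Name(...)` and `module.Name(...)` forms."""
    if isinstance(func, ast.Name):
        return func.id
    return getattr(func, "attr", None)


def classify_autoescape(call):
    """Return 'ok' or a reason string for one Environment(...) call node."""
    for kw in call.keywords:
        if kw.arg != "autoescape":
            continue
        value = kw.value
        # Literal True turns escaping on for every template.
        if isinstance(value, ast.Constant) and value.value is True:
            return "ok"
        # select_autoescape(...) is the form the Jinja docs recommend.
        # Only the callee name is checked here, not its arguments.
        if isinstance(value, ast.Call) and _call_name(value.func) == "select_autoescape":
            return "ok"
        return NOT_SAFE
    return NOT_SET


def check_source(source):
    """Return sorted (line, reason) pairs for Environment calls that are not 'ok'."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _call_name(node.func) == "Environment":
            verdict = classify_autoescape(node)
            if verdict != "ok":
                findings.append((node.lineno, verdict))
    return sorted(findings)


# Constructed sample: lines 2-4 should pass, lines 5 and 6 should be reported.
SAMPLE = """\
from jinja2 import Environment, PackageLoader, select_autoescape
a = Environment(loader=PackageLoader('yourapplication', 'templates'),
                autoescape=select_autoescape(['html', 'xml']))
b = Environment(autoescape=True)
c = Environment(autoescape=False)
d = Environment(loader=PackageLoader('yourapplication', 'templates'))
"""
```

The sample is only parsed, never executed, so Jinja2 does not need to be installed to run the check.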