escaping user provided variables in Jinja templates #13
We have a free program analysis tool for Python based web projects, called Bento. While we were scanning GitHub projects for issues, your project triggered a warning for unescaped Jinja templates.
You are passing the host parameter to your jinja template in views.py:63.
Note that if your template file extensions ended with
Bento flagged a few other issues, including the usage of "bare except", but I didn't mess with those to keep this PR simple. If you are curious, feel free to download and give Bento a try (https://bento.dev).
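The behaviour the PR description refers to, as an added example that is not part of this PR or of the project's own views.py: Jinja2 escapes `{{ host }}` only when autoescaping is enabled for that template, and with `select_autoescape` that decision is made from the template file's extension, so a `.txt` or extension-less template renders attacker-controlled text literally. The environment, template names, `host` payload and helper functions below are constructed for this illustration and are not taken from the project.

```python
"""Jinja2 autoescaping depends on environment configuration and template
extension, not on the data being rendered.  Hypothetical demo, not the
project's code: a request-controlled `host` value is rendered through three
constructed templates under an unescaped and an autoescaping Environment."""
from jinja2 import DictLoader, Environment, select_autoescape
from markupsafe import escape

# Constructed attacker-controlled value (think Host header or query parameter).
PAYLOAD_HOST = 'evil.example"><script>alert(1)</script>'

# Constructed in-memory templates.  The names matter: select_autoescape keys
# on the file extension, exactly like a template directory on disk would.
TEMPLATES = {
    "page.html": '<a href="http://{{ host }}/">{{ host }}</a>',
    "page.txt": "Host: {{ host }}",
    # Explicit escape filter: escapes regardless of extension or environment.
    "page_forced.txt": "Host: {{ host | e }}",
}


def make_env(autoescape):
    """Build an Environment over the constructed templates with the given policy."""
    return Environment(loader=DictLoader(TEMPLATES), autoescape=autoescape)


# Vulnerable configuration: a bare Environment() defaults to autoescape=False,
# so every template echoes `host` verbatim (the state Bento warned about).
UNSAFE_ENV = make_env(autoescape=False)

# Hardened configuration: escape templates whose name ends in an HTML/XML-like
# extension; anything else (.txt, no extension) is still rendered literally.
SAFE_ENV = make_env(
    select_autoescape(
        enabled_extensions=("html", "htm", "xml"),
        default_for_string=True,  # templates built from strings are escaped too
        default=False,            # unknown extensions are NOT escaped
    )
)


def render(env, name, host):
    """Render template `name` with the untrusted `host` passed straight through."""
    return env.get_template(name).render(host=host)


def render_pre_escaped(env, name, host):
    """View-level fix: escape before the value enters the template context.
    markupsafe.escape returns a Markup object, so an autoescaping environment
    does not escape it a second time."""
    return env.get_template(name).render(host=escape(host))


def is_escaped(output):
    """True when the payload's script tag was neutralised in the rendered output."""
    return "<script>" not in output and "&lt;script&gt;" in output


if __name__ == "__main__":
    for label, env in (("autoescape=False", UNSAFE_ENV), ("select_autoescape", SAFE_ENV)):
        for name in TEMPLATES:
            out = render(env, name, PAYLOAD_HOST)
            print(f"{label:18} {name:16} escaped={is_escaped(out)!s:5} {out}")
```

Two consequences for the question raised in this thread: renaming the template to `.html` only helps if the environment actually uses an extension-based autoescape policy (Flask's `render_template` does, for `.html`, `.htm`, `.xml` and `.xhtml` by default), whereas the `| e` filter or escaping in the view works under any policy. Escaping in the view with `markupsafe.escape` is also safe to combine with autoescaping, because the `Markup` result is not double-escaped.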
Hey @daghan, thanks for your PR. I wasn't aware that
Instead of the change you suggested, would renaming the files to use a