
Commit e4878e6

fix: resolve issue with jinja2 environment and security concern around autoescape handling in jinja templates
1 parent 686eaac commit e4878e6

1 file changed

Lines changed: 4 additions & 1 deletion


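--- a/src/dve/core_engine/templating.py
+++ b/src/dve/core_engine/templating.py
@@ -31,7 +31,10 @@ def _raise_rule_templating_error(message: str) -> NoReturn:
 
 
 T = TypeVar("T", bound=JSONable)
-ENVIRONMENT = jinja2.Environment(autoescape=False, undefined=PreserveTemplateUndefined)
+ENVIRONMENT = jinja2.Environment(
+autoescape=jinja2.select_autoescape(default_for_string=False),
+undefined=PreserveTemplateUndefined,
+)
 ENVIRONMENT.globals["repr"] = repr
 ENVIRONMENT.globals["str"] = str
 ENVIRONMENT.globals["raise"] = _raise_rule_templating_error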
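Review bot: Escaping behaviour is probably unchanged by the new `autoescape=jinja2.select_autoescape(default_for_string=False)` argument. No loader is passed to `jinja2.Environment(...)` here, so if templates are compiled with `from_string` (not visible in this hunk) their name is `None` and `default_for_string=False` leaves autoescape off, exactly as `autoescape=False` did. That may be the right choice for rule data that is not HTML, but the commit title reads as a security fix, so the intent should be stated at the definition, e.g. `# Autoescape is deliberately off for string templates: output is rule data, not HTML, and must be escaped by any consumer that renders it as markup.` Under this configuration only templates loaded by name with an .html, .htm or .xml extension would be escaped.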
