author | Patrick Uiterwijk <puiterwijk@redhat.com> | 2015-08-18 17:10:46 +0200 |
---|---|---|
committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2015-08-21 15:45:20 +0200 |
commit | a503aa9c2a30a74e709d1c88099befd50fb2eb16 (patch) | |
tree | 7f514df6fc75652b239c26596c0d374e1f2f10d2 /ipsilon | |
parent | 826e6339441546f596320f3d73304ab5f7c10de6 (diff) | |
download | ipsilon-a503aa9c2a30a74e709d1c88099befd50fb2eb16.tar.gz ipsilon-a503aa9c2a30a74e709d1c88099befd50fb2eb16.tar.xz ipsilon-a503aa9c2a30a74e709d1c88099befd50fb2eb16.zip |
Enable auto-escaping templates
This will prevent most cases of insertion of HTML or other
code into the generated HTML.
Fixes: CVE-2015-5215
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipsilon')
-rwxr-xr-x | ipsilon/ipsilon | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ipsilon/ipsilon b/ipsilon/ipsilon index a0cc158..bec13af 100755 --- a/ipsilon/ipsilon +++ b/ipsilon/ipsilon @@ -60,7 +60,9 @@ else: template_loaders.append(FileSystemLoader( os.path.join(cherrypy.config['base.dir'], default_template_dir))) -template_env = Environment(loader=ChoiceLoader(template_loaders)) +template_env = Environment(loader=ChoiceLoader(template_loaders), + autoescape=True, + extensions=['jinja2.ext.autoescape']) if __name__ == "__main__": conf = {'/': {'tools.staticdir.root': os.getcwd()}, |
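Review bot: Turning on autoescape for the whole environment means any template value that was deliberately emitting markup (a pre-rendered HTML fragment passed in as a plain string) will now be escaped into visible text unless it is wrapped in `Markup` or filtered with `|safe`, so every template served through `template_loaders` should be audited for values that relied on rendering as HTML, and the change should say which ones were marked safe. On the three added lines `+template_env = Environment(loader=ChoiceLoader(template_loaders),` / `+ autoescape=True,` / `+ extensions=['jinja2.ext.autoescape'])`: `autoescape=True` applies to every template regardless of its name, so if any non-HTML output (plain-text mail, XML or JSON metadata) is rendered from this same environment it will be HTML-escaped as well; Jinja2 accepts a callable here, for example `autoescape=lambda name: name is None or name.endswith('.html')`, which keeps escaping on for HTML and string templates while leaving other formats alone. Also, the `jinja2.ext.autoescape` extension is not needed for the global `autoescape=True` setting; it only adds the `{% autoescape %}` block tag, so either drop it or leave a comment noting that templates are expected to use that tag to toggle escaping locally.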