Set autoescape=True to resolve Bandit B701 error

From Bandit's Read the Docs:
Jinja2 is a Python HTML templating system. It is typically used to build web
applications, though appears in other places as well, notably the Ansible
automation system. When configuring the Jinja2 environment, the option to use
autoescaping on input can be specified. When autoescaping is enabled, Jinja2
will filter input strings to escape any HTML content submitted via template
variables. Without escaping HTML input the application becomes vulnerable to
Cross Site Scripting (XSS) attacks.

Change-Id: I95481c1e863ee144611f85d63274b4514d99a926
Alexander Hughes 2019-04-01 12:42:05 -05:00
parent dcf0735b08
commit fab8844461
1 changed files with 1 additions and 1 deletions

@ -48,7 +48,7 @@ class SiteProcessor(BaseProcessor):
for dirpath, dirs, files in os.walk(template_dir_abspath):
for filename in files:
j2_env = Environment(
autoescape=False,
autoescape=True,
loader=FileSystemLoader(dirpath),
trim_blocks=True)
j2_env.filters[
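
Review bot: at `autoescape=True,` in the `Environment(` call, HTML escaping is switched on for every file that `os.walk(template_dir_abspath)` yields, regardless of file type. If any of those templates render something other than HTML, values containing `&`, `<`, `>` or quotes will come out as HTML entities and the rendered output changes silently. Consider scoping the setting by file extension with Jinja2's `select_autoescape`, or state in the commit message that every template under this directory is HTML, and add a test that renders a value containing those characters. The functions registered through `j2_env.filters[` deserve a look as well, since a filter that returns a plain `str` will now have its result escaped.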