From fab88444611a17631ce14c254711e42af859f3fb Mon Sep 17 00:00:00 2001
From: Alexander Hughes
Date: Mon, 1 Apr 2019 12:42:05 -0500
Subject: [PATCH] Set autoescape=True to resolve Bandit B701 error

From Bandit's read the docs: Jinja2 is a Python HTML templating system. It is typically used to build web applications, though appears in other places well, notably the Ansible automation system. When configuring the Jinja2 environment, the option to use autoescaping on input can be specified. When autoescaping is enabled, Jinja2 will filter input strings to escape any HTML content submitted via template variables. Without escaping HTML input the application becomes vulnerable to Cross Site Scripting (XSS) attacks.

Change-Id: I95481c1e863ee144611f85d63274b4514d99a926
---
 spyglass/site_processors/site_processor.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spyglass/site_processors/site_processor.py b/spyglass/site_processors/site_processor.py
index 9f65e2d..728d96d 100644
--- a/spyglass/site_processors/site_processor.py
+++ b/spyglass/site_processors/site_processor.py
@@ -48,7 +48,7 @@ class SiteProcessor(BaseProcessor):
         for dirpath, dirs, files in os.walk(template_dir_abspath):
             for filename in files:
                 j2_env = Environment(
-                    autoescape=False,
+                    autoescape=True,
                     loader=FileSystemLoader(dirpath),
                     trim_blocks=True)
                 j2_env.filters[
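Review bot: Switching `autoescape=True` on the `Environment(` at the added line changes the rendered output of every template under `template_dir_abspath`, not only the linter result: Jinja2 will HTML-escape `&`, `<`, `>`, `"` and `'` in any value substituted into a template, so if these templates emit YAML or other non-HTML configuration (the hunk does not show the template format, but nothing here suggests HTML) such characters in site data will appear as entities like `&quot;` in the generated files. Bandit B701 is about HTML templating; if the output is not HTML, the defensible resolution is to keep escaping off and justify it where the linter suppression sits, e.g. `autoescape=False,  # nosec - templates render non-HTML site manifests, escaping would corrupt output`, with the justification confirmed against the actual template extensions. If some templates are HTML, `autoescape=select_autoescape(['html', 'xml'])` from jinja2 restricts escaping to those extensions instead of applying it to everything. The enclosing method starts and ends outside the hunk, so whether rendered output is later parsed as YAML cannot be confirmed from here.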