From eedf458ca4c5a02688590a6077e10b73f305c39a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linus=20=C3=96stberg?=
Date: Tue, 10 Jan 2023 09:49:51 +0100
Subject: [PATCH 1/2] Escape incoming data

---
 form_manager/utils.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/form_manager/utils.py b/form_manager/utils.py
index bafd58c..ffcf80a 100644
--- a/form_manager/utils.py
+++ b/form_manager/utils.py
@@ -91,7 +91,11 @@ def apply_template(template: str, data: dict) -> str:
 str: The resulting text.
 """
 try:
- jinja_env = jinja2.Environment(loader=jinja2.BaseLoader()).from_string(template)
+ jinja_env = jinja2.Environment(loader=jinja2.BaseLoader(),
+ autoescape=jinja2.select_autoescape(
+ default_for_string=True,
+ default=True,
+ )).from_string(template)
 except TemplateSyntaxError as exc:
 raise ValueError("Unable to use the template in Jinja") from exc
 return jinja_env.render(**data)

From fedc456e18799cbfc37fe390eb8b7f48179ba99c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linus=20=C3=96stberg?=
Date: Tue, 10 Jan 2023 09:51:35 +0100
Subject: [PATCH 2/2] Formatting

---
 form_manager/utils.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/form_manager/utils.py b/form_manager/utils.py
index ffcf80a..5fb8dce 100644
--- a/form_manager/utils.py
+++ b/form_manager/utils.py
@@ -91,11 +91,13 @@ def apply_template(template: str, data: dict) -> str:
 str: The resulting text.
 """
 try:
- jinja_env = jinja2.Environment(loader=jinja2.BaseLoader(),
- autoescape=jinja2.select_autoescape(
- default_for_string=True,
- default=True,
- )).from_string(template)
+ jinja_env = jinja2.Environment(
+ loader=jinja2.BaseLoader(),
+ autoescape=jinja2.select_autoescape(
+ default_for_string=True,
+ default=True,
+ ),
+ ).from_string(template)
 except TemplateSyntaxError as exc:
 raise ValueError("Unable to use the template in Jinja") from exc
 return jinja_env.render(**data)
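Review bot: The autoescape setting on the added lines HTML-escapes every value substituted from `data`, which changes the output of apply_template for any caller that renders plain text (an apostrophe now comes out as `&#39;`), yet the docstring above the hunk still describes the result only as "The resulting text"; I would change the Returns entry to `str: The resulting text, with values from data HTML-escaped (Jinja autoescape is on).` Since templates created with from_string have no name, `select_autoescape(default_for_string=True, default=True)` reduces to the plainer `autoescape=True`, which states the intent more directly. Autoescaping only escapes substituted values: if the `template` string itself can come from an untrusted user (not visible in this hunk), expressions inside it still run in a full environment, and jinja2.sandbox.SandboxedEnvironment would be the control for that case. The local is also a Template rather than an Environment, so `jinja_env` is a misleading name; `jinja_template` would read better. The enclosing function's signature and docstring begin before the hunk.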