mirror of
https://github.com/dgtlmoon/changedetection.io.git
synced 2025-10-30 14:17:40 +00:00
* Auto-escape was not enabled GHSA-pwgc-w4x9-gw67 * Auto-escape was not enabled because the filenames were not something jinja2 enables it for.
275 B
Important notes about templates
Template names should always end in ".html", ".htm", ".xml", ".xhtml" or ".svg", and this applies to imported templates as well.
Jinja2's `def select_jinja_autoescape(self, filename: str) -> bool:` checks the filename extension and enables autoescaping only when it matches one of these.
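A check that could run in CI to catch this class of mistake, as an added example that is not part of the changedetection.io code base. It assumes the extension list above (in Flask, `select_jinja_autoescape` is a method on the application object and compares the name with a case-sensitive `endswith`); the file names in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

# Extensions named above: only these template names get autoescaping.
AUTOESCAPED = (".html", ".htm", ".xml", ".xhtml", ".svg")

# Template names referenced by extends / include / import / from tags.
REF = re.compile(r"""\{%-?\s*(?:extends|include|import|from)\s+["']([^"']+)["']""")


def is_autoescaped(name: str) -> bool:
    # Same rule as the extension check: case-sensitive suffix match.
    return name.endswith(AUTOESCAPED)


def audit_templates(root: Path) -> list[str]:
    """Report template files, and names they reference, that load unescaped."""
    findings = set()
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if not is_autoescaped(rel):
            findings.add(f"{rel}: file name disables autoescape")
        source = path.read_text(encoding="utf-8", errors="replace")
        for ref in REF.findall(source):
            if not is_autoescaped(ref):
                findings.add(f"{rel}: references '{ref}', loaded without autoescape")
    return sorted(findings)


def demo() -> list[str]:
    # Constructed sample tree: one partial has an extension outside the list.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "base.html").write_text('<p>{{ title }}</p>{% include "_menu.jinja" %}')
        (root / "_menu.jinja").write_text("<nav>{{ watch_title }}</nav>")
        (root / "edit.html").write_text('{% extends "base.html" %}')
        return audit_templates(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `audit_templates()` at the real templates directory and fail the build when the returned list is not empty; non-template files in that directory, such as a README, will be reported too and need an exclusion.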