From 2c3b179197011628ee7f77c703c1e1ccf7237b2f Mon Sep 17 00:00:00 2001
From: Faris Ansari
Date: Tue, 3 Aug 2021 11:57:42 +0530
Subject: [PATCH 1/2] fix: ability to disable safe_render for template pages
---
 frappe/website/page_renderers/template_page.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/frappe/website/page_renderers/template_page.py b/frappe/website/page_renderers/template_page.py
index 3ece8ff5d0..cf017be30b 100644
--- a/frappe/website/page_renderers/template_page.py
+++ b/frappe/website/page_renderers/template_page.py
@@ -204,7 +204,12 @@ class TemplatePage(BaseTemplatePage):
 if self.template_path.endswith('min.js'):
 html = self.source # static
 else:
- html = frappe.render_template(self.source, self.context)
+ if self.context.safe_render is not None:
+ safe_render = self.context.safe_render
+ else:
+ safe_render = True
+
+ html = frappe.render_template(self.source, self.context, safe_render=safe_render)
 return html
From 7a34c542c1332d309d63f37d2cc7106486c6aea5 Mon Sep 17 00:00:00 2001
From: Faris Ansari
Date: Tue, 3 Aug 2021 12:40:48 +0530
Subject: [PATCH 2/2] test: safe_render
---
 frappe/tests/test_website.py | 10 ++++++++++
 frappe/www/_test/_test_safe_render_off.html | 7 +++++++
 frappe/www/_test/_test_safe_render_on.html | 6 ++++++
 3 files changed, 23 insertions(+)
 create mode 100644 frappe/www/_test/_test_safe_render_off.html
 create mode 100644 frappe/www/_test/_test_safe_render_on.html
diff --git a/frappe/tests/test_website.py b/frappe/tests/test_website.py
index f1c4f3b3f5..818dc8bce6 100644
--- a/frappe/tests/test_website.py
+++ b/frappe/tests/test_website.py
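Review bot: The opt-out in the new `if`/`else` of `template_page.py` is read from `self.context.safe_render`, the same context object that is then handed to the template, so the guard is only as trustworthy as every source that can write a key into that context. The test added in this series shows that safe rendering is what rejects a source containing `test.__test` with "Illegal template", so a page that sets the flag gives up that check for its whole source; it should be confirmed that only developer-owned files can set the key and that nothing user-editable or request-derived is merged into the context before this point (not visible in the hunk). The branch also accepts any non-None value as the setting, so a falsy non-boolean value would presumably switch the check off; failing closed is shorter and safer: `safe_render = self.context.safe_render is not False`. A comment such as `# safe_render=False skips the illegal-template check; only for trusted, developer-authored pages` would help the next reader. The enclosing method starts above the hunk.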
@@ -280,6 +280,16 @@ class TestWebsite(unittest.TestCase):
 frappe.flags.force_website_cache = False
+ def test_safe_render(self):
+ content = get_response_content('/_test/_test_safe_render_on')
+ self.assertNotIn("Safe Render On", content)
+ self.assertIn("frappe.exceptions.ValidationError: Illegal template", content)
+
+ content = get_response_content('/_test/_test_safe_render_off')
+ self.assertIn("Safe Render Off", content)
+ self.assertIn("test.__test", content)
+ self.assertNotIn("frappe.exceptions.ValidationError: Illegal template", content)
+
 def set_home_page_hook(key, value):
 from frappe import hooks
diff --git a/frappe/www/_test/_test_safe_render_off.html b/frappe/www/_test/_test_safe_render_off.html
new file mode 100644
index 0000000000..5ad01d67d5
--- /dev/null
+++ b/frappe/www/_test/_test_safe_render_off.html
@@ -0,0 +1,7 @@
+---
+title: Safe Render Off
+safe_render: false
+---
+
+
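Review bot: `test_safe_render` pins only the two fixture pages, so it does not cover how the flag behaves for anything other than a literal front-matter `false` or a missing key. Because the check in `template_page.py` is `is not None`, a value such as `safe_render: 0` would presumably also turn the guard off; a third fixture asserting the intended outcome for a non-boolean value would lock that decision in. The assertions also match the full string `frappe.exceptions.ValidationError: Illegal template` in the response body, which ties the test to error pages echoing exception class names; asserting on `Illegal template` alone would be less brittle.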
{{ title }}
+
test.__test
diff --git a/frappe/www/_test/_test_safe_render_on.html b/frappe/www/_test/_test_safe_render_on.html
new file mode 100644
index 0000000000..d9f02ce081
--- /dev/null
+++ b/frappe/www/_test/_test_safe_render_on.html
@@ -0,0 +1,6 @@
+---
+title: Safe Render On
+---
+
+
{{ title }}
+
test.__test