vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4

fix(security): Make Jinja Tighter

Browse source
This commit is contained in:
Aditya Hase 2019-07-29 17:07:09 +05:30
parent f5e1fd70ac
commit 472d33f3da
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
frappe/utils/jinja.py
View file

@ -6,10 +6,11 @@ def get_jenv():
import frappe
if not getattr(frappe.local, 'jenv', None):
from jinja2 import Environment, DebugUndefined
from jinja2 import DebugUndefined
from jinja2.sandbox import SandboxedEnvironment
# frappe will be loaded last, so app templates will get precedence
jenv = Environment(loader = get_jloader(),
jenv = SandboxedEnvironment(loader = get_jloader(),
undefined=DebugUndefined)
set_filters(jenv)