from django.urls import path
from django.http import HttpResponse
from jinja2 import Template
from jinja2 import Environment, DictLoader, escape
def a(request):
    """Render a Jinja2 template whose source text comes from the query string.

    Intentionally insecure sample (server-side template injection): the
    ``template`` GET parameter is compiled as a Jinja2 template, so whoever
    sends the request decides which template expressions the server evaluates.
    Escaping ``name`` protects only that context value; it places no limit on
    the template text itself.

    Safer pattern: keep the template text fixed (in code or on disk) and pass
    request values only as render context. Where user-authored templates are
    a hard requirement, compile them with
    ``jinja2.sandbox.SandboxedEnvironment`` to reduce what expressions can
    reach.
    """
    # The template source is read straight from the request.
    source = request.GET['template']
    compiled = Template(source)  # BAD: Template constructed from user input

    # Only the context value is escaped, not the template text.
    safe_name = escape(request.GET['name'])
    return HttpResponse(compiled.render(name=safe_name))
def b(request):
    """Render a user-supplied template through a default ``Environment``.

    Intentionally insecure sample (server-side template injection): same flaw
    as constructing ``Template`` directly. ``Environment.from_string`` compiles
    the ``template`` GET parameter, so the requester controls the template
    expressions evaluated on the server. A plain ``Environment()`` is not a
    sandbox.

    Safer pattern: load templates from a trusted, fixed source and pass
    request data only as context. Where user-authored templates are a hard
    requirement, use ``jinja2.sandbox.SandboxedEnvironment`` instead of
    ``Environment``.
    """
    import jinja2

    # The template source is read straight from the request.
    source = request.GET['template']
    compiled = Environment().from_string(source)  # BAD: Template constructed from user input

    # Only the context value is escaped, not the template text.
    safe_name = escape(request.GET['name'])
    return HttpResponse(compiled.render(name=safe_name))
# Route table: both routes pass the request's `template` parameter to Jinja2
# as template source, so each one is reachable with requester-controlled
# template text.
urlpatterns = [path('a', a), path('b', b)]