* Auto-escape was not enabled GHSA-pwgc-w4x9-gw67
* Auto-escape was not enabled because the filenames were not something jinja2 enables it for.
ui-search-error-messages
parent ee5294740a
commit c0f000b1d1
@ -0,0 +1,6 @@
|
|||||||
|
# Important notes about templates
|
||||||
|
|
||||||
|
Template names should always end in ".html", ".htm", ".xml", ".xhtml", ".svg", even the `import`'ed templates.
|
||||||
|
|
||||||
|
Jinja2's `def select_jinja_autoescape(self, filename: str) -> bool:` will check the filename extension and enable autoescaping
|
||||||
|
|
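Review bot: The new notes file states the naming rule but nothing in this change enforces it, so a template added later with another extension would silently render without autoescaping again. Consider a test that walks the templates directory and fails on any file, or any `{% from %}` / `{% import %}` target, whose name does not end in one of the five listed extensions. The second sentence also stops at "enable autoescaping" without saying that any other extension (such as the `.jinja` name replaced elsewhere in this commit) leaves it off, which is the point a reader of the note needs.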
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
{% from '_helpers.jinja' import render_field %}
|
{% from '_helpers.html' import render_field %}
|
||||||
|
|
||||||
{% macro render_common_settings_form(form, emailprefix, settings_application) %}
|
{% macro render_common_settings_form(form, emailprefix, settings_application) %}
|
||||||
<div class="pure-control-group">
|
<div class="pure-control-group">
|
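Review bot: The changed import on the first line now depends on a file named `_helpers.html` existing, and only this one reference is visible here. Check that the helper file itself is renamed in the same commit and that no other template still imports `_helpers.jinja`, since a leftover reference would fail at render time; a search of the templates directory for `.jinja` before merging would confirm it. The name of the file this hunk edits is not shown, and it needs one of the listed extensions too for `render_common_settings_form` output to be escaped.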