sartography
/
cr-connect-workflow
mirror of https://github.com/sartography/cr-connect-workflow.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enable autoescape security feature for processing markdown data in descriptions from the BPMN Diagrams

This commit is contained in:
Dan Funk 2020-02-25 16:21:47 -05:00
parent 1e8a095760
commit c6eb2d937d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crc/models/workflow.py
View File

@ -73,7 +73,7 @@ class Task(object):
def process_documentation(self, documentation): def process_documentation(self, documentation):
'''Runs markdown documentation through the Jinja2 processor to inject data '''Runs markdown documentation through the Jinja2 processor to inject data
create loops, etc...''' create loops, etc...'''
rtemplate = Environment(loader=BaseLoader).from_string(documentation) rtemplate = Environment(autoescape=True, loader=BaseLoader).from_string(documentation)
self.documentation = rtemplate.render(**self.data) self.documentation = rtemplate.render(**self.data)