Enable autoescape security feature for processing markdown data in descriptions from the BPMN Diagrams

2020-02-25 16:21:47 -05:00 · 2020-02-25 16:21:47 -05:00 · c6eb2d937d
parent 1e8a095760
commit c6eb2d937d
1 changed files with 1 additions and 1 deletions
--- a/crc/models/workflow.py
+++ b/crc/models/workflow.py
@ -73,7 +73,7 @@ class Task(object):
    def process_documentation(self, documentation):
        '''Runs markdown documentation through the Jinja2 processor to inject data
        create loops, etc...'''
-        rtemplate = Environment(loader=BaseLoader).from_string(documentation)
+        rtemplate = Environment(autoescape=True, loader=BaseLoader).from_string(documentation)
        self.documentation = rtemplate.render(**self.data)