From c6eb2d937dc515b1c10776f3ad40fdb6d1b03282 Mon Sep 17 00:00:00 2001
From: Dan Funk
Date: Tue, 25 Feb 2020 16:21:47 -0500
Subject: [PATCH] Enable autoescape security feature for processing markdown data in descriptions from the BPMN Diagrams
---
 crc/models/workflow.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crc/models/workflow.py b/crc/models/workflow.py
index a43f6098..d4b42e92 100644
--- a/crc/models/workflow.py
+++ b/crc/models/workflow.py
@@ -73,7 +73,7 @@ class Task(object):
 def process_documentation(self, documentation):
 '''Runs markdown documentation through the Jinja2 processor to inject data create loops, etc...'''
- rtemplate = Environment(loader=BaseLoader).from_string(documentation)
+ rtemplate = Environment(autoescape=True, loader=BaseLoader).from_string(documentation)
 self.documentation = rtemplate.render(**self.data)
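Review bot: `autoescape=True` on the `Environment(...)` line escapes only the values that `self.data` substitutes into the output; the template text itself is `documentation`, which comes from the BPMN diagram, and its expressions are still evaluated by an unsandboxed environment. If diagram authors are not fully trusted (not visible from this hunk), consider `rtemplate = SandboxedEnvironment(autoescape=True, loader=BaseLoader).from_string(documentation)` with `from jinja2.sandbox import SandboxedEnvironment` added to the imports, which sit outside the hunk. HTML-escaping also does not neutralise Markdown syntax inside data values, so the rendered Markdown still needs sanitising at the point where it is converted to HTML. A short comment such as `# autoescape covers data values only; the template source must be trusted or sandboxed` above the line would record the assumption.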