# Safe: Mako TemplateLookup.get_template receives a literal template name.
# No tainted data flows into the loader-path argument, so there is no SSTI sink here.
from mako.lookup import TemplateLookup
def handler():
    """Render the fixed ``home.mako`` template for an anonymous user.

    Negative (safe) case: the template directory, the template name and
    the render context are all literals, so no caller-controlled value
    reaches ``TemplateLookup.get_template``.

    Returns:
        Whatever ``template.render`` produces for ``user="anon"``.
    """
    # The lookup root is a fixed server-side directory, not derived from input.
    loader = TemplateLookup(directories=["/srv/templates"])
    # The name passed to the loader is a string literal; a request-derived
    # name here is what would make this a template-injection sink.
    # NOTE(review): if ``user`` ever becomes request-derived, confirm the
    # template applies output escaping. Mako does not HTML-escape by default.
    return loader.get_template("home.mako").render(user="anon")