mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
9 lines
332 B
Python
9 lines
332 B
Python
|
# Safe-template-var: Flask `render_template("file.html", **vars)`. The
|
||
|
|
# first arg is a *file path* (constant), variables carry user input but
|
||
|
|
# never become template source. Must NOT fire SSTI.
|
||
|
|
from flask import render_template, request
|
||
|
|
|
||
|
|
|
||
|
|
def handler():
|
||
|
|
return render_template("greeting.html", name=request.args.get("name"))
|