nyx/tests/fixtures/ssti/python/unsafe_jinja_compile_expression.py

# Unsafe: jinja2 Environment.compile_expression accepts an arbitrary
# expression source; tainted input compiles into an executable callable.
from jinja2 import Environment
from flask import request


def handler():
    env = Environment()
    expr_src = request.form["expr"]
    expr = env.compile_expression(expr_src)
    return str(expr({}))
new capacity bits (#67) 2026-05-07 01:29:31 -04:00			`# Unsafe: jinja2 Environment.compile_expression accepts an arbitrary`
			`# expression source; tainted input compiles into an executable callable.`
			`from jinja2 import Environment`
			`from flask import request`


			`def handler():`
			`env = Environment()`
			`expr_src = request.form["expr"]`
			`expr = env.compile_expression(expr_src)`
			`return str(expr({}))`