nyx/tests/fixtures/ssti/python/unsafe_jinja_template.py

# Unsafe: jinja2.Template receives a template *source* string built from
# request data.  SSTI fires on the source argument.
from jinja2 import Template
from flask import request


def handler():
    src = request.form["template"]
    t = Template(src)
    return t.render(user="anon")
new capacity bits (#67) 2026-05-07 01:29:31 -04:00			`# Unsafe: jinja2.Template receives a template source string built from`
			`# request data. SSTI fires on the source argument.`
			`from jinja2 import Template`
			`from flask import request`


			`def handler():`
			`src = request.form["template"]`
			`t = Template(src)`
			`return t.render(user="anon")`