"""Phase 04 (Track J.2) — Python Jinja2 benign control fixture.
The function escapes the body as plain text before handing it to a
fixed Jinja2 template that never places the user-controlled value in
the template source, so even an SSTI-shaped payload cannot reach the
evaluator.
"""
from jinja2 import Template
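def run(body: str) -> str:
    """Render *body* through a constant Jinja2 template and return the text.

    ``body`` is treated as untrusted input. It reaches Jinja2 only as the
    render-time variable ``safe_body``; the template source is a string
    literal, so ``body`` is never parsed as template syntax.

    Args:
        body: Caller-supplied text, possibly containing ``{{ ... }}`` or
            ``{% ... %}`` sequences.

    Returns:
        The rendered text, with every ``{`` and ``}`` from ``body`` replaced
        by its HTML numeric character reference.
    """
    # The replacement target must differ from the search string: replacing a
    # brace with itself is a no-op and would leave the payload untouched.
    # Numeric character references keep literal template delimiters out of
    # the returned text.
    safe = body.replace("{", "&#123;").replace("}", "&#125;")

    # Constant template source; user data arrives only as a context variable.
    # NOTE(review): `| safe` marks the value as trusted markup, so it is
    # emitted without HTML escaping. Only braces are neutralised above --
    # `<`, `>`, `&` and quotes pass through unchanged, so the result must not
    # be treated as HTML-safe by whatever consumes it.
    template = Template("{{ safe_body | safe }}")
    return template.render(safe_body=safe)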