mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
9 lines
337 B
Python
9 lines
337 B
Python
# Safe: Mako TemplateLookup.get_template receives a literal template name.
|
|
# No tainted flow into the loader-path argument, no SSTI.
|
|
from mako.lookup import TemplateLookup
|
|
|
|
|
|
def handler():
|
|
lookup = TemplateLookup(directories=["/srv/templates"])
|
|
template = lookup.get_template("home.mako")
|
|
return template.render(user="anon")
|