apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/fixtures/ssti/python/safe_render_template_var.py
Eli Peter 7d0e7320e2
new capacity bits (#67)
2026-05-07 01:29:31 -04:00

8 lines
332 B
Python
Raw Permalink Blame History

# Safe-template-var: Flask `render_template("file.html", **vars)`. The
# first arg is a *file path* (constant), variables carry user input but
# never become template source. Must NOT fire SSTI.
from flask import render_template, request
def handler():
return render_template("greeting.html", name=request.args.get("name"))
Reference in a new issue View git blame Copy permalink