# Unsafe: jinja2.Template receives a template *source* string built from
# request data. SSTI (server-side template injection) fires on the source argument.
from jinja2 import Template
from flask import request
def handler():
    """Render a Jinja2 template whose source text comes from the request.

    Deliberately unsafe sample. The ``template`` form field is compiled as
    template *source*, so Jinja2 syntax in the submitted value is parsed and
    evaluated on the server (server-side template injection).

    The safe shape keeps the template source a fixed string and passes
    request data only as render context, for example
    ``Template("Hello {{ name }}").render(name=value)``. Where user-authored
    templates are a real requirement, ``jinja2.sandbox.SandboxedEnvironment``
    narrows what a template can reach, but it is a mitigation rather than a
    substitute for keeping the source trusted.
    """
    # Taint source: the raw form field, used without validation or allow-listing.
    template_source = request.form["template"]
    # Sink: the first positional argument of Template() is template source code.
    compiled = Template(template_source)
    # The render context is a constant; only the source string is request-derived.
    return compiled.render(user="anon")