Add autoescape to Jinja environment

mongkok · mongkok · commit 33f060db3455 · 2024-02-13T03:18:08.000+07:00
diff --git a/debug_toolbar/settings.py b/debug_toolbar/settings.py
@@ -53,7 +53,7 @@ class DebugToolbarSettings(BaseSettings):
         ),
     )
     JINJA_ENV: Environment = Field(
-        Environment(),
+        Environment(autoescape=True),
         description="The Jinja environment instance used to render the toolbar.",
     )
     JINJA_LOADERS: list[BaseLoader] = Field(
diff --git a/debug_toolbar/templates/panels/profiling.html b/debug_toolbar/templates/panels/profiling.html
@@ -1,6 +1,6 @@
 <iframe id="profilingContent">
   <style>.header { display: none; }</style>
-  {{ content }}
+  {{ content | safe }}
 </iframe>
 
 <script>

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ class DebugToolbarSettings(BaseSettings):`
`53`	`53`	`),`
`54`	`54`	`)`
`55`	`55`	`JINJA_ENV: Environment = Field(`
`56`		`- Environment(),`
	`56`	`+ Environment(autoescape=True),`
`57`	`57`	`description="The Jinja environment instance used to render the toolbar.",`
`58`	`58`	`)`
`59`	`59`	`JINJA_LOADERS: list[BaseLoader] = Field(`