orbit-oss/flask
4
4
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add .svg to select_jinja_autoescape (#4840)

Browse source 
As SVG files are a type of XML file and are similar in nearly
all aspects to XML, .svg should also be autoescaped.
This commit is contained in:
Jonah Lawrence 2022-10-30 07:55:51 -07:00 committed by David Lord
parent 631b6dd546
commit 79032ca5f1
No known key found for this signature in database
GPG key ID: 7A1C87E3F5BC42A8
3 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/flask/app.py
View file

@ -961,11 +961,14 @@ class Flask(Scaffold):
"""Returns ``True`` if autoescaping should be active for the given
template name. If no template name is given, returns `True`.
.. versionchanged:: 2.2
Autoescaping is now enabled by default for ``.svg`` files.
.. versionadded:: 0.5
"""
if filename is None:
return True
return filename.endswith((".html", ".htm", ".xml", ".xhtml"))
return filename.endswith((".html", ".htm", ".xml", ".xhtml", ".svg"))
def update_template_context(self, context: dict) -> None:
"""Update the template context with some commonly used variables.