Re-enable jinja2 autoescape (fixes #988) (#1191)

* Re-enable jinja2 autoescape (fixes #988)

Author: terriko

cve_bin_tool/output_engine/html.py

@@ -7,7 +7,7 @@
 from typing import Dict, List
 
 import plotly.graph_objects as go
-from jinja2 import Environment, FileSystemLoader
+from jinja2 import Environment, FileSystemLoader, select_autoescape
 from jinja2.environment import Template
 
 from ..log import LOGGER
@@ -67,7 +67,12 @@ def output_html(
 
     # Template Directory contains all the html files
     templates_dir = os.path.join(root, "html_reports")
-    templates_env = Environment(loader=FileSystemLoader([theme_dir, templates_dir]))
+    templates_env = Environment(
+        loader=FileSystemLoader(templates_dir),
+        autoescape=select_autoescape(
+            enabled_extensions=("html"), disabled_extensions=("css,js")
+        ),
+    )
 
     temp_base = "templates/base.html"
     temp_dash = "templates/dashboard.html"

cve_bin_tool/output_engine/print_mode.py

@@ -4,7 +4,7 @@
 import os
 from datetime import datetime
 
-from jinja2 import Environment, FileSystemLoader
+from jinja2 import Environment, FileSystemLoader, select_autoescape
 
 from ..util import CVEData
 
@@ -22,7 +22,12 @@ def html_print_mode(
 
     root = os.path.dirname(os.path.abspath(__file__))
     templates_dir = os.path.join(root, "print_mode")
-    templates_env = Environment(loader=FileSystemLoader(templates_dir))
+    templates_env = Environment(
+        loader=FileSystemLoader(templates_dir),
+        autoescape=select_autoescape(
+            enabled_extensions=("html"), disabled_extensions=("css,js")
+        ),
+    )
 
     temp_showcase = "templates/showcase.html"
     temp_content = "templates/content.html"