Enable jinja2 autoescape (#967)

terriko · web-flow · commit d8566c12c5c1 · 2020-11-12T11:17:48.000-08:00
As recommended by Bandit
diff --git a/cve_bin_tool/output_engine/html.py b/cve_bin_tool/output_engine/html.py
@@ -64,7 +64,10 @@ def output_html(
 
     # Template Directory contains all the html files
     templates_dir = os.path.join(root, "html_reports")
-    templates_env = Environment(loader=FileSystemLoader([theme_dir, templates_dir]))
+    templates_env = Environment(
+        loader=FileSystemLoader([theme_dir, templates_dir]),
+        autoescape=select_autoescape(["html"]),
+    )
 
     temp_base = "templates/base.html"
     temp_dash = "templates/dashboard.html"
diff --git a/cve_bin_tool/output_engine/print_mode.py b/cve_bin_tool/output_engine/print_mode.py
@@ -17,7 +17,10 @@ def html_print_mode(
 
     root = os.path.dirname(os.path.abspath(__file__))
     templates_dir = os.path.join(root, "print_mode")
-    templates_env = Environment(loader=FileSystemLoader(templates_dir))
+    templates_env = Environment(
+        loader=FileSystemLoader(templates_dir),
+        autoescape=select_autoescape(["html"]),
+    )
 
     temp_showcase = "templates/showcase.html"
     temp_content = "templates/content.html"
