Merge ea34d324062e8ec6c529c7adeffd3c005ca2785f into 16644b009f99e53b8b271c4bd1a50e6260e1935b

mig5 2025-04-15 06:01:39 +00:00 committed by GitHub
commit 1a542f61fc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -17,6 +17,7 @@ GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
import importlib
import logging
import mimetypes
import os
@ -34,7 +35,6 @@ from flask import (
abort,
make_response,
send_file,
__version__ as flask_version,
)
from flask_compress import Compress
from flask_socketio import SocketIO
@ -138,6 +138,7 @@ class Web:
# by default. To prevent content injection through template variables in
# earlier versions of Flask, we force autoescaping in the Jinja2 template
# engine if we detect a Flask version with insecure default behavior.
flask_version = importlib.metadata.version("flask")
if Version(flask_version) < Version("0.11"):
# Monkey-patch in the fix from https://github.com/pallets/flask/commit/99c99c4c16b1327288fd76c44bc8635a1de452bc
Flask.select_jinja_autoescape = self._safe_select_jinja_autoescape
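Review bot: The new lookup `importlib.metadata.version("flask")` in the third hunk depends on the bare `import importlib` added in the first hunk, which does not guarantee that the `metadata` submodule is loaded; it works only if another module has already imported `importlib.metadata`, and otherwise raises `AttributeError`. Import the submodule explicitly with `import importlib.metadata`, or use `from importlib.metadata import version`. Because this check gates the forced Jinja2 autoescaping, it is also worth deciding what happens when the package metadata is missing (possibly in a frozen or bundled build, if that applies to this project): `version()` raises `PackageNotFoundError`, and the conservative handling is to apply the autoescape patch in that case rather than skip it. The enclosing method of class `Web` starts and ends outside the hunk.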