Git-Mirrors/onionshare
1
0
Fork 0
mirror of https://github.com/onionshare/onionshare.git synced 2025-07-22 06:19:30 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge f3021f12fc into 2cee0508d1

Browse source
This commit is contained in:
Necdet Erdogan 2025-07-10 13:52:54 +03:00 committed by GitHub
commit b60f2ae85d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

9
cli/onionshare_cli/web/web.py
View file

@ -34,7 +34,6 @@ from flask import (
abort, abort,
make_response, make_response,
send_file, send_file,
__version__ as flask_version,
) )
from flask_compress import Compress from flask_compress import Compress
from flask_socketio import SocketIO from flask_socketio import SocketIO
@ -134,13 +133,7 @@ class Web:
# Use a custom Request class to track upload progress # Use a custom Request class to track upload progress
self.app.request_class = ReceiveModeRequest self.app.request_class = ReceiveModeRequest
# Starting in Flask 0.11, render_template_string autoescapes template variables
# by default. To prevent content injection through template variables in
# earlier versions of Flask, we force autoescaping in the Jinja2 template
# engine if we detect a Flask version with insecure default behavior.
if Version(flask_version) < Version("0.11"):
# Monkey-patch in the fix from https://github.com/pallets/flask/commit/99c99c4c16b1327288fd76c44bc8635a1de452bc
Flask.select_jinja_autoescape = self._safe_select_jinja_autoescape
self.security_headers = [ self.security_headers = [
("X-Frame-Options", "DENY"), ("X-Frame-Options", "DENY"),