Use importlib.metadata.version('flask') to detect Flask version

2025-04-20 23:46:35 -04:00 · 2025-03-06 16:05:48 +11:00 · 2025-03-06 16:05:48 +11:00 · ea34d32406
commit ea34d32406
parent 303c83604c
1 changed files with 2 additions and 1 deletions
--- a/cli/onionshare_cli/web/web.py
+++ b/cli/onionshare_cli/web/web.py
@ -17,6 +17,7 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
+import importlib
 import logging
 import mimetypes
 import os
@ -34,7 +35,6 @@ from flask import (
    abort,
    make_response,
    send_file,
-    __version__ as flask_version,
 )
 from flask_compress import Compress
 from flask_socketio import SocketIO
@ -138,6 +138,7 @@ class Web:
        # by default. To prevent content injection through template variables in
        # earlier versions of Flask, we force autoescaping in the Jinja2 template
        # engine if we detect a Flask version with insecure default behavior.
+        flask_version = importlib.metadata.version("flask")
        if Version(flask_version) < Version("0.11"):
            # Monkey-patch in the fix from https://github.com/pallets/flask/commit/99c99c4c16b1327288fd76c44bc8635a1de452bc
            Flask.select_jinja_autoescape = self._safe_select_jinja_autoescape