Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-08-23 03:25:02 -04:00
Code Issues Projects Releases Packages Wiki Activity

Hotfix: disable autoescape by default when rendering Jinja2 templates (#8394)

Browse source 
#8037 changed the default `autoescape` option when rendering Jinja2 templates from `False` to `True`. This caused some bugs, noticeably around redirect URLs being escaped in SAML2 auth confirmation templates, causing those URLs to break for users.

This change returns the previous behaviour as it stood. We may want to look at each template individually and see whether autoescaping is a good idea at some point, but for now lets just fix the breakage.
This commit is contained in:
Andrew Morgan 2020-09-24 16:24:08 +01:00 committed by GitHub
parent d191dbdaa6
commit 3f4a2a7064
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
synapse/config/saml2_config.py
View file

@ -169,8 +169,10 @@ class SAML2Config(Config):
saml2_config.get("saml_session_lifetime", "15m")
)
# We enable autoescape here as the message may potentially come from a
# remote resource
self.saml2_error_html_template = self.read_templates(
["saml_error.html"], saml2_config.get("template_dir")
["saml_error.html"], saml2_config.get("template_dir"), autoescape=True
)[0]
def _default_saml_config_dict(