Fix code scanning alert no. 24: Jinja2 templating with autoescape=False

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
NASA-PDS · Nov 14, 2024 · 6748c44 · 6748c44
1 parent ad5a2b1
commit 6748c44
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/pds/registry/utils/geostac/create_lola_pds4.py b/src/pds/registry/utils/geostac/create_lola_pds4.py
@@ -7,7 +7,7 @@
 from pathlib import Path
 
 import requests
-from jinja2 import Environment
+from jinja2 import Environment, select_autoescape
 from pds.registry.utils.geostac import templates
 
 logging.basicConfig(level=logging.INFO)
@@ -85,7 +85,7 @@ def create_product_external(item):
     :return: pds4 xml
     """
     # create env
-    env = Environment()
+    env = Environment(autoescape=select_autoescape(['html', 'xml']))
     with importlib.resources.open_text(templates, "product-external-template.xml") as io:
         template_text = io.read()
         template = env.from_string(template_text)
@@ -143,7 +143,7 @@ def create_product_browse(item):
     :return: pds4 xml
     """
     # create env
-    env = Environment()
+    env = Environment(autoescape=select_autoescape(['html', 'xml']))
 
     with importlib.resources.open_text(templates, "product-browse-template.xml") as io:
         template_text = io.read()