@franciscojavierarceo The change that closed this issue (#4355) was reverted later in #4357. Shouldn't this issue be reopened? I can't find discussion about whether or not it worked or why it was reversed.
@jskrzypek yeah, you're right. I'll reopen the issue. The PR broke integration tests, that's why it was reverted. I'm not sure exactly why though, something about escaping special characters. We figured out that this PR was to blame for the failures a little too late, so most of the discussion was in Slack.
Thanks! Yeah, I was reading the changelog for 0.40.0 and saw both the fix: Avoid XSS attack... and then down below the Revert "fix: Avoid XSS attack..." so I got curious 😁
Reference:
https://sonarcloud.io/project/security_hotspots?id=shuchu_feast&hotspots=AY9leJjfaz5TZ8maDgoc
https://sonarcloud.io/project/security_hotspots?id=shuchu_feast&hotspots=AY9leJk3az5TZ8maDgo8
Specifications
Possible Solution
Set autoescape=True in the Jinja2 Environment()
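An added example, not the project's own code: it renders the same inputs under Jinja2's default `autoescape=False`, the blanket `autoescape=True` proposed above, and `select_autoescape`, to show that blanket escaping also rewrites special characters in non-HTML templates. The template names, the inputs and the SQL template are constructed for illustration; whether this effect is what broke the integration tests is not established on this page.

```python
from jinja2 import DictLoader, Environment, select_autoescape

# Constructed templates: one HTML page and one non-HTML (SQL) template.
TEMPLATES = {
    "page.html": "<p>Hello {{ name }}</p>",
    "query.sql": "SELECT * FROM t WHERE name = {{ literal }}",
}
# Constructed inputs: an untrusted value for the HTML page, and a trusted,
# already-quoted SQL literal for the non-HTML template.
UNTRUSTED = "<script>alert(1)</script>"
LITERAL = "'O''Brien'"


def render_all(env):
    """Render both constructed templates with the given environment."""
    return {
        "html": env.get_template("page.html").render(name=UNTRUSTED),
        "sql": env.get_template("query.sql").render(literal=LITERAL),
    }


def build_envs():
    """Return the three environments being compared, keyed by mode."""
    loader = DictLoader(TEMPLATES)
    return {
        # Jinja2 default: nothing is escaped, markup in the value reaches the page.
        "off": Environment(loader=loader, autoescape=False),
        # Blanket setting: every template is HTML-escaped, the SQL one included.
        "on": Environment(loader=loader, autoescape=True),
        # Escape only templates whose name ends in .html, .htm or .xml.
        "select": Environment(
            loader=loader,
            autoescape=select_autoescape(enabled_extensions=("html", "htm", "xml")),
        ),
    }


if __name__ == "__main__":
    for mode, env in build_envs().items():
        print(mode, render_all(env))
```

With `select_autoescape`, templates loaded from strings (no file name) are escaped by default through `default_for_string=True`, so a code base that renders non-HTML text with `Environment.from_string()` needs that parameter set deliberately.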