Enable autoescape for web server's Jinja environment.

diff --git a/web.py b/web.py
index 629e63b2c19ef40abcb444d8319caaab45a52fc3..813d0fcb641a5acf0fe0f957dd8fc942cb333cfd 100644 (file)
--- a/web.py
+++ b/web.py
@@ -20,7 +20,8 @@ class PlomHttpServer(HTTPServer):
 
     def __init__(self, templates_dir: Path, *args, **kwargs) -> None:
         super().__init__(*args, **kwargs)
-        self.jinja = JinjaEnv(loader=JinjaFSLoader(templates_dir))
+        self.jinja = JinjaEnv(loader=JinjaFSLoader(templates_dir),
+                              autoescape=True)
 
     def serve(self) -> None:
         """Do .serve_forever on .server_port/.server_address until ^C."""