Avoid disabling Jinja autoescape | Critiq Docs

#Metadata

Rule ID: py.security.jinja-autoescape-disabled
Severity: medium
Confidence: 0.9
Languages: python
Presets: security, strict
Stability: stable
Applies to: block
Tags: jinja, python, rules-catalog, security, xss

#Why it matters

Disabling autoescape can allow untrusted template data to render as executable markup in browser clients.

#Remediation

Keep `autoescape` enabled for HTML templates and isolate trusted non-HTML rendering pipelines explicitly.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/python/py.security.jinja-autoescape-disabled.rule.yaml.

Back to directory Open rule in repository