Safely render a template with escaped user inputs.

Args:
    template: Jinja2 Template object
    **kwargs: Template variables (will be escaped if strings)

Returns:
    Rendered template string
(template: Template, **kwargs: Any)
```python
# Imports assumed: the listing starts partway into the file and does not show them.
from typing import Any

from jinja2 import Template
from markupsafe import escape


def _safe_render(template: Template, **kwargs: Any) -> str:
    """Safely render a template with escaped user inputs.

    Args:
        template: Jinja2 Template object
        **kwargs: Template variables (will be escaped if strings)

    Returns:
        Rendered template string
    """
    # Escape all string inputs to prevent XSS and injection
    safe_kwargs = {}
    for key, value in kwargs.items():
        if isinstance(value, str):
            safe_kwargs[key] = escape(value)
        elif isinstance(value, list):
            # Escape string items in lists (top level of the list only)
            safe_kwargs[key] = [escape(item) if isinstance(item, str) else item for item in value]
        else:
            # Dicts, tuples and every other type are passed through unescaped
            safe_kwargs[key] = value

    return template.render(**safe_kwargs)


# The next definition in the file starts here; its body is outside this listing:
# @app.prompt(output="q_ls,template->prompt_ls")
```
no outgoing calls
no test coverage detected
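Added example, not part of the project's code: it runs the escaping rules of `_safe_render` beside a recursive variant to show which container shapes reach the template unescaped, with autoescaping off and on. It assumes `escape` is `markupsafe.escape`; `shallow_render`, `escape_deep`, `deep_render`, `demo` and the sample data are hypothetical names constructed for this illustration.

```python
from typing import Any

from jinja2 import Environment, Template
from markupsafe import escape

# Constructed sample input: the same markup arriving in different container shapes.
RAW = "<i>x</i>"
SAMPLE = {"title": RAW, "tags": [RAW], "user": {"name": RAW}, "rows": [[RAW]]}
SOURCE = "{{ title }}|{{ tags[0] }}|{{ user.name }}|{{ rows[0][0] }}"


def shallow_render(template: Template, **kwargs: Any) -> str:
    """Escaping rules of the _safe_render listing: strings and flat lists only."""
    safe = {}
    for key, value in kwargs.items():
        if isinstance(value, str):
            safe[key] = escape(value)
        elif isinstance(value, list):
            safe[key] = [escape(v) if isinstance(v, str) else v for v in value]
        else:
            safe[key] = value
    return template.render(**safe)


def escape_deep(value: Any) -> Any:
    """Hypothetical helper: escape plain strings at any depth of list/tuple/dict."""
    if isinstance(value, str):
        return escape(value)  # values already marked safe (Markup) come back unchanged
    if isinstance(value, (list, tuple)):
        return [escape_deep(v) for v in value]
    if isinstance(value, dict):
        return {k: escape_deep(v) for k, v in value.items()}
    return value


def deep_render(template: Template, **kwargs: Any) -> str:
    return template.render(**escape_deep(kwargs))


def demo(autoescape: bool) -> tuple:
    """Render SAMPLE both ways; returns (shallow_output, deep_output)."""
    template = Environment(autoescape=autoescape).from_string(SOURCE)
    return shallow_render(template, **SAMPLE), deep_render(template, **SAMPLE)


if __name__ == "__main__":
    for flag in (False, True):
        print(f"autoescape={flag}", *demo(flag), sep="\n  ")
```

With autoescaping off, the dict value and the nested list item come out of the shallow version as raw markup; with autoescaping on, Jinja2 escapes them at output time and leaves the pre-escaped values alone, so nothing is escaped twice.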