(engine)
| 139 | |
| 140 | @app.route("/blind/<engine>") |
| 141 | def blind(engine): |
| 142 | |
| 143 | template = request.values.get('tpl') |
| 144 | if not template: |
| 145 | template = '%s' |
| 146 | |
| 147 | injection = request.values.get('inj') |
| 148 | |
| 149 | if engine == 'mako': |
| 150 | MakoTemplates(template % injection, lookup=mylookup).render() |
| 151 | elif engine == 'jinja2': |
| 152 | Jinja2Env.from_string(template % injection).render() |
| 153 | elif engine == 'eval': |
| 154 | eval(template % injection) |
| 155 | elif engine == 'tornado': |
| 156 | tornado.template.Template(template % injection).generate() |
| 157 | |
| 158 | return randomword() |
| 159 | |
| 160 | @app.route("/reflect_cookieauth/<engine>") |
| 161 | def reflect_cookieauth(engine): |
nothing calls this directly
no test coverage detected