ktmud commented on a change in pull request #11704:
URL:
https://github.com/apache/incubator-superset/pull/11704#discussion_r524745153
##########
File path: superset/config.py
##########
@@ -677,6 +677,10 @@ class CeleryConfig: # pylint:
disable=too-few-public-methods
# language. This allows you to define custom logic to process macro template.
CUSTOM_TEMPLATE_PROCESSORS: Dict[str, Type[BaseTemplateProcessor]] = {}
+# Prevent access to classes/objects and proxy methods in the default Jinja
context,
+# unless explicitly overridden by JINJA_CONTEXT_ADDONS or
CUSTOM_TEMPLATE_PROCESSORS.
+SAFE_JINJA_PROCESSING: bool = True
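Review bot: The comment added above `SAFE_JINJA_PROCESSING` documents only the `True` case and never says what setting it to `False` re-exposes in the default Jinja context. Because this flag is a security boundary that defaults to on, the comment should state that `False` restores access to classes/objects and proxy methods, and whether that is a supported long-term option or only a compatibility escape hatch. It should also clarify the "unless explicitly overridden" clause: does an entry in `JINJA_CONTEXT_ADDONS` or `CUSTOM_TEMPLATE_PROCESSORS` bypass the restriction only for the objects it adds, or for the whole context?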
Review comment:
I'm not sure we want to support so many different modes. To me it's more
important to find a "paved path" of a safe and flexible templating solution that
makes the most sense. Every feature flag we added here is more like a temporary
solution for compatibility rather than something we want to support in the
long-term.