robdiciuccio commented on a change in pull request #11704:
URL:
https://github.com/apache/incubator-superset/pull/11704#discussion_r524789845
##########
File path: superset/config.py
##########
@@ -677,6 +677,10 @@ class CeleryConfig: # pylint:
disable=too-few-public-methods
# language. This allows you to define custom logic to process macro template.
CUSTOM_TEMPLATE_PROCESSORS: Dict[str, Type[BaseTemplateProcessor]] = {}
+# Prevent access to classes/objects and proxy methods in the default Jinja
context,
+# unless explicitly overridden by JINJA_CONTEXT_ADDONS or
CUSTOM_TEMPLATE_PROCESSORS.
+SAFE_JINJA_PROCESSING: bool = True
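Review bot: The comment above SAFE_JINJA_PROCESSING documents only the True default and does not say what an operator gets by setting it to False. Since this is a security toggle, add a sentence stating that False re-exposes classes/objects and proxy methods in the default Jinja context and is appropriate only where everyone who can write templates is trusted. The "unless explicitly overridden" clause also deserves one more line: as written, anything supplied through JINJA_CONTEXT_ADDONS or CUSTOM_TEMPLATE_PROCESSORS is exempt from the restriction even when the flag is True, so the comment should say that the operator is responsible for the safety of whatever those two settings expose.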
Review comment:
@ktmud I agree, I think we should push safety and (potentially unsafe)
customizability as a path forward.