Hacker News
by fifilura, 846 days ago
I have some recollection about filters defined by Jinja macros opening up for SQL injections.
1 comments
fifilura, 845 days ago
And this would be fine if you could lock down arbitrary input in e.g. dropdowns, but it was still possible to input arbitrary strings even in a dropdown because of the choice of widget.