mirror of https://github.com/langgenius/dify.git
26444d8b6c
When Jinja2 templates containing special characters (quotes, newlines)
were embedded directly in the generated Python script using triple-quoted
strings, the script would break. This fix encodes the template as base64
before embedding, then decodes it at runtime.
Root cause: Templates were inserted via string replacement into a Python
script like `jinja2.Template('''...''')`. If the template contained `'''`,
the generated script had a syntax error.
Solution: Add serialize_code() method to base64-encode templates, then
override assemble_runner_script() in Jinja2TemplateTransformer to use
the encoded template with runtime decoding.
This specifically affects Jinja2 templates - Python3 and JavaScript
transformers insert user code at the top level (not inside strings),
so they don't have this vulnerability.
Fixes #26818
|
||
|---|---|---|
| .. | ||
| __mock | ||
| code_executor | ||
| __init__.py | ||
| test_code.py | ||
| test_http.py | ||
| test_llm.py | ||
| test_parameter_extractor.py | ||
| test_template_transform.py | ||
| test_tool.py | ||