👩💻 Join our community of thousands of amazing developers!
This should have been obvious to me for a longer time, but until earlier today I did not really realize the severity of the issues caused by str.format on untrusted user input. It came up as a way to bypass the Jinja2 Sandbox in a way that would permit retrieving information that you should not have access to which is why I just pushed out a security release for it. However I think the general issue is quite severe and needs to be a discussed because most people are most likely not aware of how...