From 72ed5f8b258ec83d315cd8cc7a9326af66c42bb4 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Thu, 25 May 2017 14:33:16 +0300
Subject: [PATCH] - Added Bandit test. - Fixed single issue found (autoescaping Jinja templates). - Added parallel pre-commit, bandit tests in TravisCI. - Bumped patch version.
---
 .travis.yml | 11 ++++++++---
 VERSION | 2 +-
 template/__init__.py | 2 +-
 tox.ini | 15 +++++++++++++--
 4 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index b646657..436187b 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,6 +1,6 @@
 ---
 language: python
-python: ["2.7", "3.2", "3.3", "3.4", "3.5"]
+python: ["2.7", "3.2", "3.3", "3.4", "3.5", "3.6"]
 dist: trusty
 sudo: false
 cache:
@@ -9,14 +9,19 @@ matrix:
 include:
 - python: "3.5"
 env: TOXENV=docs
+ - python: "3.5"
+ env: TOXENV=bandit
+ - python: "2.7"
+ env: TOXENV=pre-commit
+ - python: "3.5"
+ env: TOXENV=pre-commit
 allow_failures:
 - python: "3.2"
 install:
- - pip install tox-travis pre-commit
+ - pip install tox-travis | cat
 script:
- - pre-commit run --all-files
 - tox
 notifications:
diff --git a/VERSION b/VERSION
index 2b7c5ae..70d5b25 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.4.2
+0.4.3
\ No newline at end of file
diff --git a/template/__init__.py b/template/__init__.py
index c3b1b49..ccd38c9 100755
--- a/template/__init__.py
+++ b/template/__init__.py
@@ -12,7 +12,7 @@ import template.filters
 def render(template_string):
- env = Environment()
+ env = Environment(autoescape=True)
 # Add all functions in template.filters as Jinja filters.
 for tf in filter(lambda x: not x.startswith('_'), dir(template.filters)):
 env.filters[tf] = template.filters.__getattribute__(tf)
diff --git a/tox.ini b/tox.ini
index 1ea2e13..34b08a6 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
 [tox]
-envlist = py{2,3},docs
+envlist = py{2,3}
 [travis]
 python =
@@ -8,6 +8,7 @@ python =
 3.3: py3
 3.4: py3
 3.5: py3
+ 3.6: py3
 [testenv]
 basepython =
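Review bot: In the `install` step of the second .travis.yml hunk, `pip install tox-travis | cat` reports the exit status of `cat` rather than of pip unless the shell runs with `pipefail`, so a failed install would no longer fail the install phase and would only surface later as a missing `tox`. If the pipe is there to quiet pip's progress output, `- pip install -q tox-travis` achieves that while keeping pip's status. The new `TOXENV=bandit` and `TOXENV=pre-commit` matrix entries are not under `allow_failures`, which is what a security gate needs; a short comment above them saying so, such as `# security/lint gates: must not be added to allow_failures`, would help keep it that way.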
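Review bot: `Environment(autoescape=True)` in `render` applies HTML escaping to every rendered value, so if the templates this package renders are not HTML (the hunk does not show the output format), values containing `&`, `<`, `>` or quotes will come out as entities such as `&amp;`. That clears Bandit's Jinja2 autoescape finding (B701) but silently changes output for existing callers, which a patch-level bump does not signal. If the output is plain text or configuration, an explicit and justified suppression states the trust boundary more accurately: `env = Environment()  # nosec - output is not HTML and must not be served to a browser`. If HTML output is possible, keep escaping on and say so in a docstring on `render`, which currently has none. The body of `render` continues past the end of the hunk.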
@@ -38,7 +39,17 @@ deps =
 twine
 wheel
 commands =
- sh -c 'git tag "v$(cat VERSION)" && git push --tags'
+ sh -c 'git tag -a "v$(cat VERSION)" && git push --tags'
 sh -c 'rm -rf dist/'
 python setup.py bdist_wheel
 twine upload --skip-existing dist/*.whl
+
+[testenv:bandit]
+basepython = python
+deps = bandit
+commands = bandit --recursive ./ --exclude .tox/,build/,dist/,template.egg-info
+
+[testenv:pre-commit]
+basepython = python
+deps = pre-commit
+commands = pre-commit run --all-files
--
GitLab
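Review bot: `git tag -a` in the first release command is given no `-m` or `-F`, so git will open an editor for the tag message, and the step stalls or fails wherever tox runs without a terminal. Passing the message explicitly keeps the release non-interactive: `sh -c 'git tag -a -m "v$(cat VERSION)" "v$(cat VERSION)" && git push --tags'`. Separately, `deps = bandit` and `deps = pre-commit` are unpinned, so the rule set behind the security gate can change between runs without any commit. Pinning a version in each `deps` line would make a new finding attributable to a code change. The section header of the environment that holds the tag command is outside the hunk.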