language: py
name: autoescape-off
message: Detected a context with autoescape disabled
category: security

pattern: |
  (dictionary
    (pair
      key: (string (string_content) @autoescape)
      value: (false))
  (#eq? @autoescape "autoescape")) @autoescape-off

description: |
  Detected a Context with autoescape disabled. If you are rendering any web pages, this exposes your application to cross-site scripting (XSS) vulnerabilities. Remove 'autoescape: False' or set it to 'True'.