Add an option to block inputted Jinja from rendering on workflow load
N
Nutmeg Squid
Currently, Jinja expressions in inputs are automatically rendered when the workflow loads. This creates a risk of unintended Jinja injection, especially when handling data from external sources or URL parameters.
To improve security and control, it would be helpful to have an option that prevents inputted Jinja from being evaluated immediately upon workflow execution.
Log In
V
Varied Grouse
This is incredibly important. I have had to move basically any user-facing flows to other platforms because I can't effectively prevent org variables, including API keys from leaking as is.
X
Xenon blue Vole
In my opinion this is really important for App Builder. I'm holding off on using the App Builder until something like this is implemented, or other Jinja injection preventions, as this could easily be used as an attack vector