Is the backend Python and the frontend JavaScript? Because then that would happen and just be normal, because Boolean true is True in python.

Probably, but if you’re interpreting user inputs as raw code, you’ve got much much worse problems going on, lol.

It’s the settiings file… It’s probably supposed to only be written by the system admin.

A good place to put persistent malware. That’s why when using docker images always mount as ro if at all possible.