[security] exclude python files from being seen directly (#4942)

frappe/website/render.py

@@ -80,7 +80,7 @@ def is_static_file(path):
 	if ('.' not in path):
 		return False
 	extn = path.rsplit('.', 1)[-1]
-	if extn in ('html', 'md', 'js', 'xml', 'css', 'txt'):
+	if extn in ('html', 'md', 'js', 'xml', 'css', 'txt', 'py'):
 		return False
 
 	for app in frappe.get_installed_apps():