5cdc1ac Armin Ronacher documentation update
authored
Sandbox
=======

The Jinja2 sandbox can be used to evaluate untrusted code. Access to unsafe
attributes and methods is prohibited.

Assuming `env` is a :class:`SandboxedEnvironment` in the default configuration
the following piece of code shows how it works:

>>> env.from_string("{{ func.func_code }}").render(func=lambda:None)
u''
>>> env.from_string("{{ func.func_code.do_something }}").render(func=lambda:None)
Traceback (most recent call last):
  ...
SecurityError: access to attribute 'func_code' of 'function' object is unsafe.


.. module:: jinja2.sandbox

.. autoclass:: SandboxedEnvironment([options])
    :members: is_safe_attribute, is_safe_callable

522cad6 Armin Ronacher added `ImmutableSandboxedEnvironment`.
authored
.. autoclass:: ImmutableSandboxedEnvironment([options])

.. autoexception:: SecurityError

.. autofunction:: unsafe

.. autofunction:: is_internal_attribute
d71fff0 Armin Ronacher improved sandbox and updated setup.py
authored
.. autofunction:: modifies_known_mutable
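
The hooks listed above, exercised together in an added example (not part of the Jinja2 documentation or code base), assuming a current Jinja2 release on Python 3. ``Account``, ``AllowlistEnvironment``, ``render`` and ``demo`` are hypothetical names, and the sample values are constructed.

```python
from jinja2.sandbox import (
    ImmutableSandboxedEnvironment, SandboxedEnvironment, SecurityError, unsafe,
)


class Account:  # constructed sample object handed to untrusted templates
    def __init__(self):
        self.name = "alice"
        self.api_token = "constructed-secret"

    @unsafe  # marks the method so is_safe_callable() rejects it
    def delete(self):
        return "deleted"


class AllowlistEnvironment(ImmutableSandboxedEnvironment):
    """Hypothetical policy: only allow-listed Account attributes are visible."""
    ALLOWED = {"name", "delete"}

    def is_safe_attribute(self, obj, attr, value):
        if isinstance(obj, Account) and attr not in self.ALLOWED:
            return False
        # Keep the stock checks (underscore names, internals, mutation).
        return super().is_safe_attribute(obj, attr, value)


def render(env, source, **context):
    """Return the rendered text, or 'SecurityError' if the sandbox refused."""
    try:
        return env.from_string(source).render(**context)
    except SecurityError:
        return "SecurityError"


def demo():
    acct, items = Account(), [1, 2, 3]
    plain = SandboxedEnvironment()
    immutable = ImmutableSandboxedEnvironment()
    strict = AllowlistEnvironment()
    return {
        # The default policy exposes any public attribute of a context object.
        "default_reads_token": render(plain, "{{ a.api_token }}", a=acct),
        # Denied attributes become an undefined value that prints as ''.
        "allowlist_hides_token": render(strict, "{{ a.api_token }}", a=acct),
        "allowlist_hides_subscript": render(strict, "{{ a['api_token'] }}", a=acct),
        "allowlist_shows_name": render(strict, "{{ a.name }}", a=acct),
        "unsafe_method": render(plain, "{{ a.delete() }}", a=acct),
        # The plain sandbox lets templates mutate lists; the immutable one does not.
        "plain_append": render(plain, "{{ xs.append(4) }}", xs=items),
        "immutable_append": render(immutable, "{{ xs.append(5) }}", xs=items),
        "items_after": list(items),
    }
```

The default environment renders ``api_token`` because the stock ``is_safe_attribute`` only blocks underscore-prefixed and internal attributes, so anything sensitive on objects passed into the context needs an explicit policy such as the allow-list shown.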