Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Newer
Older
100644 32 lines (20 sloc) 0.863 kB
5cdc1ac @mitsuhiko documentation update
authored
1 Sandbox
2 =======
3
4 The Jinja2 sandbox can be used to evaluate untrusted code. Access to unsafe
5 attributes and methods is prohibited.
6
7 Assuming `env` is a :class:`SandboxedEnvironment` in the default configuration
8 the following piece of code shows how it works:
9
10 >>> env.from_string("{{ func.func_code }}").render(func=lambda:None)
11 u''
12 >>> env.from_string("{{ func.func_code.do_something }}").render(func=lambda:None)
13 Traceback (most recent call last):
14 ...
15 SecurityError: access to attribute 'func_code' of 'function' object is unsafe.
16
17
18 .. module:: jinja2.sandbox
19
20 .. autoclass:: SandboxedEnvironment([options])
21 :members: is_safe_attribute, is_safe_callable
22
522cad6 @mitsuhiko added `ImmutableSandboxedEnvironment`.
authored
23 .. autoclass:: ImmutableSandboxedEnvironment([options])
24
5cdc1ac @mitsuhiko documentation update
authored
25 .. autoexception:: SecurityError
26
27 .. autofunction:: unsafe
28
29 .. autofunction:: is_internal_attribute
522cad6 @mitsuhiko added `ImmutableSandboxedEnvironment`.
authored
30
d71fff0 @mitsuhiko improved sandbox and updated setup.py
authored
31 .. autofunction:: modifies_known_mutable
Something went wrong with that request. Please try again.