module documentation

A sandbox layer that ensures unsafe operations cannot be performed. Useful when the template itself comes from an untrusted source.
Class ImmutableSandboxedEnvironment Works exactly like the regular SandboxedEnvironment but does not permit modifications on the builtin mutable objects list, set, and dict by using the modifies_known_mutable function.
Class SandboxedEnvironment No summary
Function is_internal_attribute No summary
Function modifies_known_mutable This function checks if an attribute on a builtin mutable object (list, dict, set or deque) or the corresponding ABCs would modify it if called.
Function unsafe Marks a function or method as unsafe.
Constant F Undocumented
Constant MAX_RANGE Undocumented
Constant UNSAFE_ASYNC_GENERATOR_ATTRIBUTES Undocumented
Constant UNSAFE_COROUTINE_ATTRIBUTES Undocumented
Constant UNSAFE_FUNCTION_ATTRIBUTES Undocumented
Constant UNSAFE_GENERATOR_ATTRIBUTES Undocumented
Constant UNSAFE_METHOD_ATTRIBUTES Undocumented
Class SandboxedEscapeFormatter Undocumented
Class SandboxedFormatter Undocumented
Function inspect_format_method Undocumented
Function safe_range A range that can't generate ranges with a length of more than MAX_RANGE items.
Variable _mutable_spec Undocumented
def is_internal_attribute(obj, attr):

Test if the given attribute is an internal Python attribute. For example, this function returns True for the func_code attribute of Python objects. This is useful if the environment method SandboxedEnvironment.is_safe_attribute is overridden.

>>> from jinja2.sandbox import is_internal_attribute
>>> is_internal_attribute(str, "mro")
True
>>> is_internal_attribute(str, "upper")
False
Parameters
obj: t.Any - Undocumented
attr: str - Undocumented
Returns
bool - Undocumented
def modifies_known_mutable(obj, attr):

This function checks if an attribute on a builtin mutable object (list, dict, set or deque) or the corresponding ABCs would modify it if called.

>>> from jinja2.sandbox import modifies_known_mutable
>>> modifies_known_mutable({}, "clear")
True
>>> modifies_known_mutable({}, "keys")
False
>>> modifies_known_mutable([], "append")
True
>>> modifies_known_mutable([], "index")
False

If called with an unsupported object, False is returned.

>>> modifies_known_mutable("foo", "upper")
False
Parameters
obj: t.Any - Undocumented
attr: str - Undocumented
Returns
bool - Undocumented
def unsafe(f):

Marks a function or method as unsafe.

Parameters
f: F - Undocumented
Returns
F - Undocumented
F = t.TypeVar('F', bound=t.Callable[..., t.Any])

Undocumented

MAX_RANGE: int = 100000

Undocumented

UNSAFE_ASYNC_GENERATOR_ATTRIBUTES: set[str] = set(['ag_code', 'ag_frame'])

Undocumented

UNSAFE_COROUTINE_ATTRIBUTES: set[str] = set(['cr_frame', 'cr_code'])

Undocumented

UNSAFE_FUNCTION_ATTRIBUTES: t.Set[str] = set()

Undocumented

UNSAFE_GENERATOR_ATTRIBUTES: set[str] = set(['gi_frame', 'gi_code'])

Undocumented

UNSAFE_METHOD_ATTRIBUTES: t.Set[str] = set()

Undocumented

def inspect_format_method(callable):

Undocumented

Parameters
callable: t.Callable - Undocumented
Returns
t.Optional[str] - Undocumented
def safe_range(*args):
A range that can't generate ranges with a length of more than MAX_RANGE items.
Parameters
*args: int - Undocumented
Returns
range - Undocumented
_mutable_spec: t.Tuple[t.Tuple[t.Type, t.FrozenSet[str]], ...] =

Undocumented
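
Added example (not part of the Jinja2 documentation or code base): rendering untrusted template source through a subclass that overrides is_safe_attribute while keeping the is_internal_attribute test, with a method marked by unsafe and a range above MAX_RANGE. The names Account, StrictSandbox, DENIED and render_untrusted and the sample templates are constructed for illustration.

```python
from jinja2 import StrictUndefined
from jinja2.exceptions import SecurityError
from jinja2.sandbox import (
    MAX_RANGE, ImmutableSandboxedEnvironment, is_internal_attribute, unsafe,
)


class Account:
    """Constructed context object handed to an untrusted template."""

    def __init__(self, name, api_key):
        self.name, self.api_key = name, api_key

    @unsafe  # marks the method so a sandboxed template may not call it
    def delete(self):
        return "deleted"


class StrictSandbox(ImmutableSandboxedEnvironment):
    """Hypothetical subclass: deny extra names on top of the default checks."""

    DENIED = frozenset({"api_key"})  # constructed denylist

    def is_safe_attribute(self, obj, attr, value):
        # Keep the internal-attribute test when overriding this hook.
        if attr in self.DENIED or is_internal_attribute(obj, attr):
            return False
        return super().is_safe_attribute(obj, attr, value)


def render_untrusted(source, strict=False, **context):
    """Return ("ok", text) or ("blocked", exception class name)."""
    # A denied attribute becomes an Undefined that prints as "" and raises
    # only when used; StrictUndefined makes printing it raise as well.
    env = StrictSandbox(undefined=StrictUndefined) if strict else StrictSandbox()
    try:
        return "ok", env.from_string(source).render(**context)
    except (SecurityError, OverflowError) as exc:
        return "blocked", type(exc).__name__


if __name__ == "__main__":
    acct = Account("alice", "constructed-key")
    for src in ("{{ a.name }}", "{{ a.api_key }}", "{{ a.delete() }}",
                "{{ items.append(4) }}", "{{ range(%d)|length }}" % (MAX_RANGE + 1)):
        print(src, render_untrusted(src, a=acct, items=[1, 2, 3]),
              render_untrusted(src, strict=True, a=acct, items=[1, 2, 3]))
```

With the default Undefined type a denied attribute read renders as an empty string rather than failing, so passing strict=True (StrictUndefined) is the variant to use when a blocked read should abort the render.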