jinja2.sandbox

module documentation

A sandbox layer that ensures unsafe operations cannot be performed. Useful when the template itself comes from an untrusted source.

Class	`ImmutableSandboxedEnvironment`	Works exactly like the regular `SandboxedEnvironment` but does not permit modifications on the builtin mutable objects `list`, `set`, and `dict` by using the `modifies_known_mutable` function.
Class	`SandboxedEnvironment`	No summary
Function	`is_internal_attribute`	No summary
Function	`modifies_known_mutable`	This function checks if an attribute on a builtin mutable object (list, dict, set or deque) or the corresponding ABCs would modify it if called.
Function	`unsafe`	Marks a function or method as unsafe.
Constant	`F`	Undocumented
Constant	`MAX_RANGE`	Undocumented
Constant	`UNSAFE_ASYNC_GENERATOR_ATTRIBUTES`	Undocumented
Constant	`UNSAFE_COROUTINE_ATTRIBUTES`	Undocumented
Constant	`UNSAFE_FUNCTION_ATTRIBUTES`	Undocumented
Constant	`UNSAFE_GENERATOR_ATTRIBUTES`	Undocumented
Constant	`UNSAFE_METHOD_ATTRIBUTES`	Undocumented
Class	`SandboxedEscapeFormatter`	Undocumented
Class	`SandboxedFormatter`	Undocumented
Function	`inspect_format_method`	Undocumented
Function	`safe_range`	A range that can't generate ranges with a length of more than MAX_RANGE items.
Variable	`_mutable_spec`	Undocumented

def is_internal_attribute(obj, attr):

Test if the attribute given is an internal python attribute. For example this function returns True for the func_code attribute of python objects. This is useful if the environment method ~SandboxedEnvironment.is_safe_attribute is overridden.

>>> from jinja2.sandbox import is_internal_attribute
>>> is_internal_attribute(str, "mro")
True
>>> is_internal_attribute(str, "upper")
False

Parameters
obj:`t.Any`	Undocumented
attr:`str`	Undocumented
Returns
`bool`	Undocumented

def modifies_known_mutable(obj, attr):

This function checks if an attribute on a builtin mutable object (list, dict, set or deque) or the corresponding ABCs would modify it if called.

>>> modifies_known_mutable({}, "clear")
True
>>> modifies_known_mutable({}, "keys")
False
>>> modifies_known_mutable([], "append")
True
>>> modifies_known_mutable([], "index")
False

If called with an unsupported object, False is returned.

>>> modifies_known_mutable("foo", "upper")
False

Parameters
obj:`t.Any`	Undocumented
attr:`str`	Undocumented
Returns
`bool`	Undocumented

def unsafe(f):

Marks a function or method as unsafe.

Parameters
f:`F`	Undocumented
Returns
`F`	Undocumented

F =

Undocumented

Value

t.TypeVar('F',
          bound=t.Callable[..., t.Any])

MAX_RANGE: int =

Undocumented

Value

UNSAFE_ASYNC_GENERATOR_ATTRIBUTES: set[str] =

Undocumented

Value

set(['ag_code', 'ag_frame'])

UNSAFE_COROUTINE_ATTRIBUTES: set[str] =

Undocumented

Value

set(['cr_frame', 'cr_code'])

UNSAFE_FUNCTION_ATTRIBUTES: t.Set[str] =

Undocumented

Value

set()

UNSAFE_GENERATOR_ATTRIBUTES: set[str] =

Undocumented

Value

set(['gi_frame', 'gi_code'])

UNSAFE_METHOD_ATTRIBUTES: t.Set[str] =

Undocumented

Value

set()

def inspect_format_method(callable):

Undocumented

Parameters
callable:`t.Callable`	Undocumented
Returns
`t.Optional[str]`	Undocumented

def safe_range(*args):

A range that can't generate ranges with a length of more than MAX_RANGE items.

Parameters
*args:`int`	Undocumented
Returns
`range`	Undocumented

_mutable_spec: t.Tuple[t.Tuple[t.Type, t.FrozenSet[str]], ...] =

Undocumented