class SandboxedEnvironment(Environment):
Known subclasses: jinja2.sandbox.ImmutableSandboxedEnvironment
The sandboxed environment. It works like the regular environment but tells the compiler to generate sandboxed code. Additionally, subclasses of this environment may override the methods that tell the runtime which attributes or functions are safe to access. If the template tries to access insecure code, a :exc:`SecurityError` is raised. Other exceptions may also occur during rendering, so the caller has to ensure that all exceptions are caught.
Method | __init__ |
Undocumented |
Method | call |
Call an object from sandboxed code. |
Method | call |
For intercepted binary operator calls (:meth:`intercepted_binops`) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators. |
Method | call |
For intercepted unary operator calls (:meth:`intercepted_unops`) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators. |
Method | format |
If a format call is detected, then this is routed through this method so that our safety sandbox can be used for it. |
Method | getattr |
Subscribe an object from sandboxed code and prefer the attribute. The attribute passed *must* be a bytestring. |
Method | getitem |
Subscribe an object from sandboxed code. |
Method | is |
The sandboxed environment will call this method to check if the attribute of an object is safe to access. By default, all attributes starting with an underscore are considered private, as are the special attributes of internal Python objects as returned by the :func:`is_internal_attribute` function. |
Method | is |
Check if an object is safely callable. By default callables are considered safe unless decorated with :func:`unsafe`. |
Method | unsafe |
Return an undefined object for unsafe attributes. |
Class Variable | default |
Undocumented |
Class Variable | default |
Undocumented |
Class Variable | intercepted |
Undocumented |
Class Variable | intercepted |
Undocumented |
Class Variable | sandboxed |
Undocumented |
Instance Variable | binop |
Undocumented |
Instance Variable | unop |
Undocumented |
For intercepted binary operator calls (:meth:`intercepted_binops`) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators.

.. versionadded:: 2.6

Parameters | |
context:Context | Undocumented |
operator:str | Undocumented |
left:t.Any | Undocumented |
right:t.Any | Undocumented |
Returns | |
t.Any | Undocumented |
For intercepted unary operator calls (:meth:`intercepted_unops`) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators.

.. versionadded:: 2.6

Parameters | |
context:Context | Undocumented |
operator:str | Undocumented |
arg:t.Any | Undocumented |
Returns | |
t.Any | Undocumented |
If a format call is detected, then this is routed through this method so that our safety sandbox can be used for it.
Parameters | |
s:str | Undocumented |
args:t.Tuple[ | Undocumented |
kwargs:t.Dict[ | Undocumented |
formatt.Optional[ | Undocumented |
Returns | |
str | Undocumented |
jinja2.sandbox.ImmutableSandboxedEnvironment
The sandboxed environment will call this method to check if the attribute of an object is safe to access. By default, all attributes starting with an underscore are considered private, as are the special attributes of internal Python objects as returned by the :func:`is_internal_attribute` function.
Parameters | |
obj:t.Any | Undocumented |
attr:str | Undocumented |
value:t.Any | Undocumented |
Returns | |
bool | Undocumented |
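
The following is an added example, not part of the Jinja2 documentation or source: a subclass that overrides ``is_safe_attribute`` and ``call_binop`` as described above, with a render wrapper that catches every exception. ``HardenedEnvironment``, ``Account``, ``render_untrusted``, the ``api_token`` deny list and the exponent limit are hypothetical names and values chosen for illustration.

```python
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment


class Account:
    """Constructed sample object handed to untrusted templates."""

    def __init__(self, name, api_token):
        self.name = name
        self.api_token = api_token


class HardenedEnvironment(SandboxedEnvironment):
    # Operators listed here are routed through call_binop at render time.
    intercepted_binops = frozenset(["**"])
    MAX_EXPONENT = 64                          # assumed limit for this example
    DENIED_ATTRS = frozenset(["api_token"])    # assumed deny list

    def is_safe_attribute(self, obj, attr, value):
        # Deny the listed names first, then keep the default policy
        # (underscore-prefixed and internal attributes are unsafe).
        if attr in self.DENIED_ATTRS:
            return False
        return super().is_safe_attribute(obj, attr, value)

    def call_binop(self, context, operator, left, right):
        # Refuse huge exponents before the builtin operator burns CPU/memory.
        if operator == "**" and isinstance(right, int) and abs(right) > self.MAX_EXPONENT:
            raise SecurityError("exponent exceeds sandbox limit")
        return super().call_binop(context, operator, left, right)


def render_untrusted(source, **variables):
    """Render template source, turning every failure into a short string."""
    env = HardenedEnvironment()
    try:
        return env.from_string(source).render(**variables)
    except SecurityError as exc:
        return f"blocked: {exc}"
    except Exception as exc:  # rendering can raise anything, so catch it all
        return f"error: {type(exc).__name__}"
```

Reading a denied attribute on its own renders as an empty string because ``unsafe_undefined`` returns an undefined object; the ``SecurityError`` is raised only when the template tries to use that value.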