jinja2.sandbox.SandboxedEnvironment

class documentation

class SandboxedEnvironment(Environment): (source)

Known subclasses: jinja2.sandbox.ImmutableSandboxedEnvironment

The sandboxed environment. It works like the regular environment but tells the compiler to generate sandboxed code. Additionally subclasses of this environment may override the methods that tell the runtime what attributes or functions are safe to access. If the template tries to access insecure code a :exc:`SecurityError` is raised. However also other exceptions may occur during the rendering so the caller has to ensure that all exceptions are caught.

Method	`__init__`	Undocumented
Method	`call`	Call an object from sandboxed code.
Method	`call_binop`	For intercepted binary operator calls (:meth:`intercepted_binops`) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators.
Method	`call_unop`	For intercepted unary operator calls (:meth:`intercepted_unops`) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators.
Method	`format_string`	If a format call is detected, then this is routed through this method so that our safety sandbox can be used for it.
Method	`getattr`	Subscribe an object from sandboxed code and prefer the attribute. The attribute passed must be a bytestring.
Method	`getitem`	Subscribe an object from sandboxed code.
Method	`is_safe_attribute`	The sandboxed environment will call this method to check if the attribute of an object is safe to access. Per default all attributes starting with an underscore are considered private as well as the special attributes of internal python objects as returned by the :func:`is_internal_attribute` function.
Method	`is_safe_callable`	Check if an object is safely callable. By default callables are considered safe unless decorated with :func:`unsafe`.
Method	`unsafe_undefined`	Return an undefined object for unsafe attributes.
Class Variable	`default_binop_table`	Undocumented
Class Variable	`default_unop_table`	Undocumented
Class Variable	`intercepted_binops`	Undocumented
Class Variable	`intercepted_unops`	Undocumented
Class Variable	`sandboxed`	Undocumented
Instance Variable	`binop_table`	Undocumented
Instance Variable	`unop_table`	Undocumented

def __init__(self, *args, **kwargs): (source)

Undocumented

Parameters
*args:`t.Any`	Undocumented
**kwargs:`t.Any`	Undocumented

def call(__self, __context, __obj, *args, **kwargs): (source)

Call an object from sandboxed code.

Parameters
__self	Undocumented
__context:`Context`	Undocumented
__obj:`t.Any`	Undocumented
*args:`t.Any`	Undocumented
**kwargs:`t.Any`	Undocumented
Returns
`t.Any`	Undocumented

def call_binop(self, context, operator, left, right): (source)

For intercepted binary operator calls (:meth:`intercepted_binops`) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators. .. versionadded:: 2.6

Parameters
context:`Context`	Undocumented
operator:`str`	Undocumented
left:`t.Any`	Undocumented
right:`t.Any`	Undocumented
Returns
`t.Any`	Undocumented

def call_unop(self, context, operator, arg): (source)

For intercepted unary operator calls (:meth:`intercepted_unops`) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators. .. versionadded:: 2.6

Parameters
context:`Context`	Undocumented
operator:`str`	Undocumented
arg:`t.Any`	Undocumented
Returns
`t.Any`	Undocumented

def format_string(self, s, args, kwargs, format_func=None): (source)

If a format call is detected, then this is routed through this method so that our safety sandbox can be used for it.

Parameters
s:`str`	Undocumented
args:`t.Tuple[t.Any, ...]`	Undocumented
kwargs:`t.Dict[str, t.Any]`	Undocumented
format_func:`t.Optional[t.Callable]`	Undocumented
Returns
`str`	Undocumented

def getattr(self, obj, attribute): (source)

Subscribe an object from sandboxed code and prefer the attribute. The attribute passed *must* be a bytestring.

Parameters
obj:`t.Any`	Undocumented
attribute:`str`	Undocumented
Returns
`t.Union[t.Any, Undefined]`	Undocumented

def getitem(self, obj, argument): (source)

Subscribe an object from sandboxed code.

Parameters
obj:`t.Any`	Undocumented
argument:`t.Union[str, t.Any]`	Undocumented
Returns
`t.Union[t.Any, Undefined]`	Undocumented

def is_safe_attribute(self, obj, attr, value): (source)

overridden in jinja2.sandbox.ImmutableSandboxedEnvironment

The sandboxed environment will call this method to check if the attribute of an object is safe to access. Per default all attributes starting with an underscore are considered private as well as the special attributes of internal python objects as returned by the :func:`is_internal_attribute` function.

Parameters
obj:`t.Any`	Undocumented
attr:`str`	Undocumented
value:`t.Any`	Undocumented
Returns
`bool`	Undocumented

def is_safe_callable(self, obj): (source)

Check if an object is safely callable. By default callables are considered safe unless decorated with :func:`unsafe`. This also recognizes the Django convention of setting ``func.alters_data = True``.

Parameters
obj:`t.Any`	Undocumented
Returns
`bool`	Undocumented

def unsafe_undefined(self, obj, attribute): (source)

Return an undefined object for unsafe attributes.

Parameters
obj:`t.Any`	Undocumented
attribute:`str`	Undocumented
Returns
`Undefined`	Undocumented

default_binop_table: t.Dict[str, t.Callable[[t.Any, t.Any], t.Any]] = (source)

Undocumented

default_unop_table: t.Dict[str, t.Callable[[t.Any], t.Any]] = (source)

Undocumented

intercepted_binops: t.FrozenSet[str] = (source)

Undocumented

intercepted_unops: t.FrozenSet[str] = (source)

Undocumented

sandboxed: bool = (source)

Undocumented

binop_table = (source)

Undocumented

unop_table = (source)

Undocumented