module documentation

A sandbox layer that ensures unsafe operations cannot be performed. Useful when the template itself comes from an untrusted source.

Class ImmutableSandboxedEnvironment Works exactly like the regular `SandboxedEnvironment` but does not permit modifications on the builtin mutable objects `list`, `set`, and `dict` by using the :func:`modifies_known_mutable` function.
Class SandboxedEnvironment The sandboxed environment. It works like the regular environment but tells the compiler to generate sandboxed code. Additionally subclasses of this environment may override the methods that tell the runtime what attributes or functions are safe to access.
Class SandboxedEscapeFormatter Undocumented
Class SandboxedFormatter Undocumented
Function inspect_format_method Undocumented
Function is_internal_attribute Test if the attribute given is an internal python attribute. For example this function returns `True` for the `func_code` attribute of python objects. This is useful if the environment method :meth:`~SandboxedEnvironment...
Function modifies_known_mutable This function checks if an attribute on a builtin mutable object (list, dict, set or deque) or the corresponding ABCs would modify it if called.
Function safe_range A range that can't generate ranges with a length of more than MAX_RANGE items.
Function unsafe Marks a function or method as unsafe.
Constant F Undocumented
Constant MAX_RANGE Undocumented
Constant UNSAFE_ASYNC_GENERATOR_ATTRIBUTES Undocumented
Constant UNSAFE_COROUTINE_ATTRIBUTES Undocumented
Constant UNSAFE_FUNCTION_ATTRIBUTES Undocumented
Constant UNSAFE_GENERATOR_ATTRIBUTES Undocumented
Constant UNSAFE_METHOD_ATTRIBUTES Undocumented
Variable _mutable_spec Undocumented
def inspect_format_method(callable):

Undocumented

Parameters
  callable: t.Callable - Undocumented
Returns
  t.Optional[str] - Undocumented
def is_internal_attribute(obj, attr):

Test if the attribute given is an internal python attribute. For example this function returns `True` for the `func_code` attribute of python objects. This is useful if the environment method :meth:`~SandboxedEnvironment.is_safe_attribute` is overridden.

>>> from jinja2.sandbox import is_internal_attribute
>>> is_internal_attribute(str, "mro")
True
>>> is_internal_attribute(str, "upper")
False

Parameters
  obj: t.Any - Undocumented
  attr: str - Undocumented
Returns
  bool - Undocumented
def modifies_known_mutable(obj, attr):

This function checks if an attribute on a builtin mutable object (list, dict, set or deque) or the corresponding ABCs would modify it if called.

>>> modifies_known_mutable({}, "clear")
True
>>> modifies_known_mutable({}, "keys")
False
>>> modifies_known_mutable([], "append")
True
>>> modifies_known_mutable([], "index")
False

If called with an unsupported object, ``False`` is returned.

>>> modifies_known_mutable("foo", "upper")
False

Parameters
  obj: t.Any - Undocumented
  attr: str - Undocumented
Returns
  bool - Undocumented
def safe_range(*args):

A range that can't generate ranges with a length of more than MAX_RANGE items.

Parameters
  *args: int - Undocumented
Returns
  range - Undocumented
def unsafe(f):

Marks a function or method as unsafe.

.. code-block:: python

    @unsafe
    def delete(self):
        pass

Parameters
  f: F - Undocumented
Returns
  F - Undocumented
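
An added example (not part of the Jinja documentation or code base) that runs the pieces documented above against untrusted template source: `unsafe`, internal-attribute filtering, `safe_range`, the immutable environment, and an `is_safe_attribute` override. `Account`, `StrictEnvironment`, `render`, `demo` and the template strings are constructed for illustration; it assumes Jinja2 is installed.

```python
from jinja2.exceptions import SecurityError
from jinja2.sandbox import (ImmutableSandboxedEnvironment, SandboxedEnvironment,
                            is_internal_attribute, unsafe)

class Account:  # hypothetical application object handed to templates
    def __init__(self, owner):
        self.owner = owner

    def summary(self):
        return "account of " + self.owner

    @unsafe  # the sandbox refuses to call anything marked this way
    def delete(self):
        raise AssertionError("reached from a template")

class StrictEnvironment(ImmutableSandboxedEnvironment):
    """Hypothetical subclass that additionally hides attributes named in DENIED."""
    DENIED = frozenset({"owner"})

    def is_safe_attribute(self, obj, attr, value):
        if attr in self.DENIED or is_internal_attribute(obj, attr):
            return False
        return super().is_safe_attribute(obj, attr, value)

def render(env, source, **context):
    """Render template source; report the exception type if the sandbox stops it."""
    try:
        return env.from_string(source).render(**context)
    except (SecurityError, OverflowError) as exc:
        return "blocked: " + type(exc).__name__

def demo():
    """Outcome of each constructed template snippet, keyed by a short label."""
    acct, items = Account("alice"), [1, 2, 3]
    plain, frozen = SandboxedEnvironment(), ImmutableSandboxedEnvironment()
    return {
        "safe call": render(plain, "{{ acct.summary() }}", acct=acct),
        "unsafe call": render(plain, "{{ acct.delete() }}", acct=acct),
        "internal used": render(plain, "{{ acct.__class__.__mro__ }}", acct=acct),
        "internal printed": render(plain, "{{ acct.__class__ }}", acct=acct),
        "huge range": render(plain, "{{ range(1000000)|length }}"),
        "append": render(frozen, "{{ items.append(4) }}", items=items),
        "items after": list(items),
        "owner plain": render(plain, "{{ acct.owner }}", acct=acct),
        "owner strict": render(StrictEnvironment(), "{{ acct.owner }}", acct=acct),
    }

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, "->", repr(outcome))
```

A blocked attribute comes back as an undefined object that raises `SecurityError` only when it is used, so printing it directly yields an empty string with the default `Undefined` class rather than an error.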

F =

Undocumented

Value
t.TypeVar('F', bound=t.Callable[..., t.Any])
MAX_RANGE: int =

Undocumented

Value
100000
UNSAFE_ASYNC_GENERATOR_ATTRIBUTES: set[str] =

Undocumented

Value
set(['ag_code', 'ag_frame'])
UNSAFE_COROUTINE_ATTRIBUTES: set[str] =

Undocumented

Value
set(['cr_frame', 'cr_code'])
UNSAFE_FUNCTION_ATTRIBUTES: t.Set[str] =

Undocumented

Value
set()
UNSAFE_GENERATOR_ATTRIBUTES: set[str] =

Undocumented

Value
set(['gi_frame', 'gi_code'])
UNSAFE_METHOD_ATTRIBUTES: t.Set[str] =

Undocumented

Value
set()
_mutable_spec: t.Tuple[t.Tuple[t.Type, t.FrozenSet[str]], ...] =

Undocumented