A sandbox layer that ensures unsafe operations cannot be performed. Useful when the template itself comes from an untrusted source.
Class |
|
Works exactly like the regular `SandboxedEnvironment` but does not permit modifications on the builtin mutable objects `list`, `set`, and `dict` by using the :func:`modifies_known_mutable` function. |
Class |
|
The sandboxed environment. It works like the regular environment but tells the compiler to generate sandboxed code. Additionally subclasses of this environment may override the methods that tell the runtime what attributes or functions are safe to access. |
Class |
|
Undocumented |
Class |
|
Undocumented |
Function | inspect |
Undocumented |
Function | is |
Test if the attribute given is an internal python attribute. For example this function returns `True` for the `func_code` attribute of python objects. This is useful if the environment method :meth:`~SandboxedEnvironment... |
Function | modifies |
This function checks if an attribute on a builtin mutable object (list, dict, set or deque) or the corresponding ABCs would modify it if called. |
Function | safe |
A range that can't generate ranges with a length of more than MAX_RANGE items. |
Function | unsafe |
Marks a function or method as unsafe. |
Constant | F |
Undocumented |
Constant | MAX |
Undocumented |
Constant | UNSAFE |
Undocumented |
Constant | UNSAFE |
Undocumented |
Constant | UNSAFE |
Undocumented |
Constant | UNSAFE |
Undocumented |
Constant | UNSAFE |
Undocumented |
Variable | _mutable |
Undocumented |
Test if the attribute given is an internal python attribute. For example this function returns `True` for the `func_code` attribute of python objects. This is useful if the environment method :meth:`~SandboxedEnvironment.is_safe_attribute` is overridden. >>> from jinja2.sandbox import is_internal_attribute >>> is_internal_attribute(str, "mro") True >>> is_internal_attribute(str, "upper") False
Parameters | |
obj:t.Any | Undocumented |
attr:str | Undocumented |
Returns | |
bool | Undocumented |
This function checks if an attribute on a builtin mutable object (list, dict, set or deque) or the corresponding ABCs would modify it if called. >>> modifies_known_mutable({}, "clear") True >>> modifies_known_mutable({}, "keys") False >>> modifies_known_mutable([], "append") True >>> modifies_known_mutable([], "index") False If called with an unsupported object, ``False`` is returned. >>> modifies_known_mutable("foo", "upper") False
Parameters | |
obj:t.Any | Undocumented |
attr:str | Undocumented |
Returns | |
bool | Undocumented |