added attr filter --HG-- branch : trunk

commit: 24b6558c3e8ea20d3f08481377970e53a80db33a [log] [tgz]
author: Armin Ronacher <armin.ronacher@active-4.com> Mon May 26 13:35:58 2008 +0200
committer: Armin Ronacher <armin.ronacher@active-4.com> Mon May 26 13:35:58 2008 +0200
tree: b502205cf04ba821ea94c9817df03a4cfbc46834
parent: f15f5f7fd77d93bf46b5db91e4f9820f25b7dd8d [diff] [blame]
diff --git a/tests/test_security.py b/tests/test_security.py
index 68b1515..7c812c0 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py

@@ -6,10 +6,12 @@
     :copyright: 2007 by Armin Ronacher.
     :license: BSD, see LICENSE for more details.
 """
+from py.test import raises
 from jinja2 import Environment
 from jinja2.sandbox import SandboxedEnvironment, \
      ImmutableSandboxedEnvironment, unsafe
 from jinja2 import Markup, escape
+from jinja2.exceptions import SecurityError
 
 
 class PrivateStuff(object):
@@ -132,3 +134,9 @@
     assert escape(t.module) == escaped_out
     assert t.module.say_hello('<blink>foo</blink>') == escaped_out
     assert escape(t.module.say_hello('<blink>foo</blink>')) == escaped_out
+
+
+def test_attr_filter():
+    env = SandboxedEnvironment()
+    tmpl = env.from_string('{{ 42|attr("__class__")|attr("__subclasses__")() }}')
+    raises(SecurityError, tmpl.render)
commit	24b6558c3e8ea20d3f08481377970e53a80db33a	[log] [tgz]
author	Armin Ronacher <armin.ronacher@active-4.com>	Mon May 26 13:35:58 2008 +0200
committer	Armin Ronacher <armin.ronacher@active-4.com>	Mon May 26 13:35:58 2008 +0200
tree	b502205cf04ba821ea94c9817df03a4cfbc46834
parent	f15f5f7fd77d93bf46b5db91e4f9820f25b7dd8d [diff] [blame]