more unittests and updated documentation for extensions. Fixed bug in optimizer that caused blocks to be optimized away under some circumstances. --HG-- branch : trunk

commit: 6df604ec215d56fac8ed40d1c2aab715817f2474 [log] [tgz]
author: Armin Ronacher <armin.ronacher@active-4.com> Fri May 23 22:18:38 2008 +0200
committer: Armin Ronacher <armin.ronacher@active-4.com> Fri May 23 22:18:38 2008 +0200
tree: 6b8f1e7f64bfbac14cd805912d6010bb63fa9ba3
parent: 3da9031b99b12ad829e8307b893279347ad04c2c [diff] [blame]
diff --git a/tests/test_security.py b/tests/test_security.py
index 6813656..5974e1f 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py

@@ -6,7 +6,8 @@
     :copyright: 2007 by Armin Ronacher.
     :license: BSD, see LICENSE for more details.
 """
-from jinja2.sandbox import SandboxedEnvironment, unsafe
+from jinja2.sandbox import SandboxedEnvironment, \
+     ImmutableSandboxedEnvironment, unsafe
 
 
 class PrivateStuff(object):
@@ -68,3 +69,16 @@
     ...
 TemplateSyntaxError: expected token 'in', got '.' (line 1)
 '''
+
+
+test_immutable_environment = '''
+>>> env = MODULE.ImmutableSandboxedEnvironment()
+>>> env.from_string('{{ [].append(23) }}').render()
+Traceback (most recent call last):
+    ...
+SecurityError: access to attribute 'append' of 'list' object is unsafe.
+>>> env.from_string('{{ {1:2}.clear() }}').render()
+Traceback (most recent call last):
+    ...
+SecurityError: access to attribute 'clear' of 'dict' object is unsafe.
+'''
commit	6df604ec215d56fac8ed40d1c2aab715817f2474	[log] [tgz]
author	Armin Ronacher <armin.ronacher@active-4.com>	Fri May 23 22:18:38 2008 +0200
committer	Armin Ronacher <armin.ronacher@active-4.com>	Fri May 23 22:18:38 2008 +0200
tree	6b8f1e7f64bfbac14cd805912d6010bb63fa9ba3
parent	3da9031b99b12ad829e8307b893279347ad04c2c [diff] [blame]