| Armin Ronacher | 5cdc1ac | 2008-05-07 12:17:18 +0200 | [diff] [blame] | 1 | Sandbox |
| 2 | ======= |
| 3 | |
| 4 | The Jinja2 sandbox can be used to evaluate untrusted code. Access to unsafe |
| 5 | attributes and methods is prohibited. |
| 6 | |
| 7 | Assuming `env` is a :class:`SandboxedEnvironment` in the default configuration |
| 8 | the following piece of code shows how it works: |
| 9 | |
| 10 | >>> env.from_string("{{ func.func_code }}").render(func=lambda:None) |
| 11 | u'' |
| 12 | >>> env.from_string("{{ func.func_code.do_something }}").render(func=lambda:None) |
| 13 | Traceback (most recent call last): |
| 14 | ... |
| 15 | SecurityError: access to attribute 'func_code' of 'function' object is unsafe. |
| 16 | |
| 17 | |
| 18 | .. module:: jinja2.sandbox |
| 19 | |
| 20 | .. autoclass:: SandboxedEnvironment([options]) |
| 21 | :members: is_safe_attribute, is_safe_callable |
| 22 | |
| Armin Ronacher | 522cad6 | 2008-05-17 13:55:37 +0200 | [diff] [blame^] | 23 | .. autoclass:: ImmutableSandboxedEnvironment([options]) |
| 24 | |
| Armin Ronacher | 5cdc1ac | 2008-05-07 12:17:18 +0200 | [diff] [blame] | 25 | .. autoexception:: SecurityError |
| 26 | |
| 27 | .. autofunction:: unsafe |
| 28 | |
| 29 | .. autofunction:: is_internal_attribute |
| Armin Ronacher | 522cad6 | 2008-05-17 13:55:37 +0200 | [diff] [blame^] | 30 | |
| 31 | .. autofunction:: modifies_builtin_mutable |