Jinja2 沙箱用于为不信任的代码求值。访问不安全的属性和方法是被禁止的。 假定在默认配置中 env 是一个 SandboxedEnvironment 实例,下面的代码展示 了它如何工作: >>> env.from_string("{{ func.func_code }}").render(func=lambda:None)
u''
>>> env.from_string("{{ func.func_code.do_something }}").render(func=lambda:None)
Traceback (most recent call last):
...
SecurityError: access to attribute 'func_code' of 'function' object is unsafe.
API- class
jinja2.sandbox.SandboxedEnvironment([options]) The sandboxed environment. It works like the regular environment but tells the compiler to generate sandboxed code. Additionally subclasses of this environment may override the methods that tell the runtime what attributes or functions are safe to access. If the template tries to access insecure code a SecurityError is raised. However also other exceptions may occour during the rendering so the caller has to ensure that all exceptions are catched. call_binop(context, operator, left, right)For intercepted binary operator calls (intercepted_binops()) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators.
call_unop(context, operator, arg)For intercepted unary operator calls (intercepted_unops()) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators.
default_binop_table= {'//': <built-in function floordiv>, '%': <built-in function mod>, '+': <built-in function add>, '*': <built-in function mul>, '-': <built-in function sub>, '/': <built-in function truediv>, '**': <built-in function pow>}default callback table for the binary operators. A copy of this is available on each instance of a sandboxed environment as binop_table
default_unop_table= {'+': <built-in function pos>, '-': <built-in function neg>}default callback table for the unary operators. A copy of this is available on each instance of a sandboxed environment as unop_table
intercepted_binops= frozenset([])a set of binary operators that should be intercepted. Each operator that is added to this set (empty by default) is delegated to the call_binop() method that will perform the operator. The default operator callback is specified by binop_table. The following binary operators are interceptable: //, %, +, *, -, /, and ** The default operation form the operator table corresponds to the builtin function. Intercepted calls are always slower than the native operator call, so make sure only to intercept the ones you are interested in.
intercepted_unops= frozenset([])a set of unary operators that should be intercepted. Each operator that is added to this set (empty by default) is delegated to the call_unop() method that will perform the operator. The default operator callback is specified by unop_table. The following unary operators are interceptable: +, - The default operation form the operator table corresponds to the builtin function. Intercepted calls are always slower than the native operator call, so make sure only to intercept the ones you are interested in.
is_safe_attribute(obj, attr, value)The sandboxed environment will call this method to check if the attribute of an object is safe to access. Per default all attributes starting with an underscore are considered private as well as the special attributes of internal python objects as returned by the is_internal_attribute() function.
is_safe_callable(obj)Check if an object is safely callable. Per default a function is considered safe unless the unsafe_callable attribute exists and is True. Override this method to alter the behavior, but this won’t affect the unsafe decorator from this module.
- class
jinja2.sandbox.ImmutableSandboxedEnvironment([options]) Works exactly like the regular SandboxedEnvironment but does not permit modifications on the builtin mutable objects list, set, and dict by using the modifies_known_mutable() function.
- exception
jinja2.sandbox.SecurityError(message=None) Raised if a template tries to do something insecure if the sandbox is enabled.
|
