API · Jinja2中文文檔

*class?*jinja2.sandbox.SandboxedEnvironment([*options*])[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment "Permalink to this definition") The sandboxed environment. It works like the regular environment but tells the compiler to generate sandboxed code. Additionally subclasses of this environment may override the methods that tell the runtime what attributes or functions are safe to access. If the template tries to access insecure code a?[SecurityError](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SecurityError "jinja2.sandbox.SecurityError")?is raised. However also other exceptions may occour during the rendering so the caller has to ensure that all exceptions are catched. call_binop(*context*,?*operator*,?*left*,?*right*)[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment.call_binop "Permalink to this definition") For intercepted binary operator calls ([intercepted_binops()](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment.intercepted_binops "jinja2.sandbox.SandboxedEnvironment.intercepted_binops")) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators. New in version 2.6. call_unop(*context*,?*operator*,?*arg*)[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment.call_unop "Permalink to this definition") For intercepted unary operator calls ([intercepted_unops()](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment.intercepted_unops "jinja2.sandbox.SandboxedEnvironment.intercepted_unops")) this function is executed instead of the builtin operator. This can be used to fine tune the behavior of certain operators. New in version 2.6. default_binop_table*?= {'//': , '%': , '+': , '*': , '-': , '/': , '**': }*[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment.default_binop_table "Permalink to this definition") default callback table for the binary operators. A copy of this is available on each instance of a sandboxed environment as?binop_table default_unop_table*?= {'+': , '-': }*[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment.default_unop_table "Permalink to this definition") default callback table for the unary operators. A copy of this is available on each instance of a sandboxed environment as?unop_table intercepted_binops*?= frozenset([])*[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment.intercepted_binops "Permalink to this definition") a set of binary operators that should be intercepted. Each operator that is added to this set (empty by default) is delegated to the?[call_binop()](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment.call_binop "jinja2.sandbox.SandboxedEnvironment.call_binop")?method that will perform the operator. The default operator callback is specified by?binop_table. The following binary operators are interceptable:?//,?%,?+,?*,?-,?/, and?** The default operation form the operator table corresponds to the builtin function. Intercepted calls are always slower than the native operator call, so make sure only to intercept the ones you are interested in. New in version 2.6. intercepted_unops*?= frozenset([])*[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment.intercepted_unops "Permalink to this definition") a set of unary operators that should be intercepted. Each operator that is added to this set (empty by default) is delegated to the?[call_unop()](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment.call_unop "jinja2.sandbox.SandboxedEnvironment.call_unop")?method that will perform the operator. The default operator callback is specified by?unop_table. The following unary operators are interceptable:?+,?- The default operation form the operator table corresponds to the builtin function. Intercepted calls are always slower than the native operator call, so make sure only to intercept the ones you are interested in. New in version 2.6. is_safe_attribute(*obj*,?*attr*,?*value*)[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment.is_safe_attribute "Permalink to this definition") The sandboxed environment will call this method to check if the attribute of an object is safe to access. Per default all attributes starting with an underscore are considered private as well as the special attributes of internal python objects as returned by the?[is_internal_attribute()](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.is_internal_attribute "jinja2.sandbox.is_internal_attribute")?function. is_safe_callable(*obj*)[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment.is_safe_callable "Permalink to this definition") Check if an object is safely callable. Per default a function is considered safe unless the?unsafe_callable?attribute exists and is True. Override this method to alter the behavior, but this won’t affect the?unsafe?decorator from this module. *class?*jinja2.sandbox.ImmutableSandboxedEnvironment([*options*])[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.ImmutableSandboxedEnvironment "Permalink to this definition") Works exactly like the regular?SandboxedEnvironment?but does not permit modifications on the builtin mutable objects?list,?set, and?dict?by using the[modifies_known_mutable()](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.modifies_known_mutable "jinja2.sandbox.modifies_known_mutable")?function. *exception?*jinja2.sandbox.SecurityError(*message=None*)[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SecurityError "Permalink to this definition") Raised if a template tries to do something insecure if the sandbox is enabled. jinja2.sandbox.unsafe(*f*)[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.unsafe "Permalink to this definition") Marks a function or method as unsafe. ~~~ @unsafe def delete(self): pass ~~~ jinja2.sandbox.is_internal_attribute(*obj*,?*attr*)[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.is_internal_attribute "Permalink to this definition") Test if the attribute given is an internal python attribute. For example this function returns?True?for the?func_code?attribute of python objects. This is useful if the environment method?[is_safe_attribute()](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.SandboxedEnvironment.is_safe_attribute "jinja2.sandbox.SandboxedEnvironment.is_safe_attribute")?is overridden. ~~~ >>> from jinja2.sandbox import is_internal_attribute >>> is_internal_attribute(lambda: None, "func_code") True >>> is_internal_attribute((lambda x:x).func_code, 'co_code') True >>> is_internal_attribute(str, "upper") False ~~~ jinja2.sandbox.modifies_known_mutable(*obj*,?*attr*)[](http://docs.jinkan.org/docs/jinja2/sandbox.html#jinja2.sandbox.modifies_known_mutable "Permalink to this definition") This function checks if an attribute on a builtin mutable object (list, dict, set or deque) would modify it if called. It also supports the “user”-versions of the objects (sets.Set,UserDict.*?etc.) and with Python 2.6 onwards the abstract base classes?MutableSet,MutableMapping, and?MutableSequence. ~~~ >>> modifies_known_mutable({}, "clear") True >>> modifies_known_mutable({}, "keys") False >>> modifies_known_mutable([], "append") True >>> modifies_known_mutable([], "index") False ~~~ If called with an unsupported object (such as unicode)?False?is returned. ~~~ >>> modifies_known_mutable("foo", "upper") False ~~~ 提示 Jinja2 沙箱自己并沒有徹底解決安全問題。特別是對 web 應用，你必須曉得用戶可能用任意 HTML 來創建模板，所以保證他們不通過注入 JavaScript 或其它更多方法來互相損害至關重要（如果你在同一個服務器上運行多用戶）。同樣，沙箱的好處取決于配置。我們強烈建議只向模板傳遞非共享資源，并且使用某種屬性白名單。也請記住，模板會拋出運行時或編譯期錯誤，確保捕獲它們。