Untrusted template strings are a bad idea. It’s code and if you are going to run user code, run it in a sandbox.
The Jinja sandbox seems to be a specific case of the “running untrusted code safely” uphill battle.
Personally, I think that if you want to offer “transparent” access to objects in a template language, then you need to trust your input.
I barely trust running untrusted input to strftime, let alone to Python’s getattr.
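As an added illustration of the guarded attribute lookup a template sandbox has to put in front of getattr (this is example code, not from the comment above and not Jinja's own implementation): a tiny renderer that only accepts dotted lookups, routes every step through a policy check, and refuses to hand out callables. The `User` class, the `{{ a.b }}` placeholder syntax and the underscore-only policy are assumptions of the example.

```python
import re


class SecurityError(Exception):
    """Raised when a template tries to reach something the sandbox forbids."""


# Placeholder syntax for the example: {{ name }} or {{ name.attr.attr }} only.
_PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][\w.]*)\s*\}\}")


def is_safe_attribute(obj, attr):
    """Minimal policy: no private or dunder names, whatever the object is."""
    return not attr.startswith("_")


def safe_getattr(obj, attr):
    """getattr() behind the policy above; the renderer never calls getattr directly."""
    if not is_safe_attribute(obj, attr):
        raise SecurityError(f"access to {attr!r} on {type(obj).__name__} is not allowed")
    return getattr(obj, attr)


def render(template, context):
    """Substitute placeholders. Only dotted lookups: no calls, no expressions."""
    def resolve(match):
        head, *rest = match.group(1).split(".")
        if head not in context:  # the context dict is the whole world the template sees
            raise SecurityError(f"unknown variable {head!r}")
        value = context[head]
        for attr in rest:
            value = safe_getattr(value, attr)
        if callable(value):  # templates render data; they never get hold of callables
            raise SecurityError(f"refusing to render callable {match.group(1)!r}")
        return str(value)
    return _PLACEHOLDER.sub(resolve, template)


def is_blocked(template, context):
    """True if the sandbox refuses the template (convenient for checks and tests)."""
    try:
        render(template, context)
    except SecurityError:
        return True
    return False


class User:
    """Constructed sample object for the demonstration."""
    def __init__(self, name):
        self.name = name

    def greet(self):
        return f"hi {self.name}"
```

Jinja's SandboxedEnvironment applies a richer policy than the single underscore rule here (it also vets interpreter internals such as generator and function attributes); the point is that every lookup goes through the policy, never through bare getattr.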