From 6176c95838271d56b3eb4a2024ce53471ded20f2 Mon Sep 17 00:00:00 2001
From: James Cammarata <jimi@sngx.net>
Date: Fri, 10 Feb 2017 09:34:35 -0600
Subject: Also clean template data even if marked unsafe

Fixes #20568

(cherry picked from commit 86beb55a9041a92d0ab2f28ea7fe042997b8059f)
---
 lib/ansible/template/__init__.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/ansible/template/__init__.py b/lib/ansible/template/__init__.py
index 7e0c559707..43ef6549bc 100644
--- a/lib/ansible/template/__init__.py
+++ b/lib/ansible/template/__init__.py
@@ -274,7 +274,7 @@ class Templar:
     def _clean_data(self, orig_data):
         ''' remove jinja2 template tags from a string '''
 
-        if not isinstance(orig_data, string_types) or hasattr(orig_data, '__ENCRYPTED__') or hasattr(orig_data, '__UNSAFE__'):
+        if not isinstance(orig_data, string_types) or hasattr(orig_data, '__ENCRYPTED__'):
             return orig_data
 
         with contextlib.closing(StringIO(orig_data)) as data:
@@ -382,6 +382,7 @@ class Templar:
                             overrides=overrides,
                             disable_lookups=disable_lookups,
                         )
+
                         unsafe = hasattr(result, '__UNSAFE__')
                         if convert_data and not self._no_type_regex.match(variable):
                             # if this looks like a dictionary or list, convert it to such using the safe_eval method
-- 
cgit v1.2.1