path: root/docs/sandbox.rst
author: Armin Ronacher <armin.ronacher@active-4.com> 2008-05-28 11:26:59 +0200
committer: Armin Ronacher <armin.ronacher@active-4.com> 2008-05-28 11:26:59 +0200
commit: 9bb7e4779182490abc6e1784b0ee63d22b91b11e (patch)
tree: c3d0fc34b160a00e1f738118c9cf0b5e34e25822 /docs/sandbox.rst
parent: d71fff001dcf0d2a689c7db6003fc0e1cc0846c6 (diff)
download: jinja2-9bb7e4779182490abc6e1784b0ee63d22b91b11e.tar.gz
some more documentation updates and minor code cleanups. Additionally True and true in the template are the same now, same for false/False and none/None.
--HG-- branch : trunk
Diffstat (limited to 'docs/sandbox.rst')
-rw-r--r-- docs/sandbox.rst 15
1 files changed, 15 insertions, 0 deletions
diff --git a/docs/sandbox.rst b/docs/sandbox.rst
index f6ec78c..bb0ca9f 100644
--- a/docs/sandbox.rst
+++ b/docs/sandbox.rst
@@ -29,3 +29,18 @@ SecurityError: access to attribute 'func_code' of 'function' object is unsafe.
.. autofunction:: is_internal_attribute
.. autofunction:: modifies_known_mutable
+
+.. admonition:: Note
+
+ The Jinja2 sandbox alone is no solution for perfect security. Especially
+ for web applications you have to keep in mind that users may create
+ templates with arbitrary HTML in so it's crucial to ensure that (if you
+ are running multiple users on the same server) they can't harm each other
+ via JavaScript insertions and much more.
+
+ Also the sandbox is only as good as the configuration. We stronly
+ recommend only passing non-shared resources to the template and use
+ some sort of whitelisting for attributes.
+
+ Also keep in mind that templates may raise runtime or compile time errors,
+ so make sure to catch them.
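Review bot: the second paragraph of the new admonition has a typo, "stronly" should be "strongly", and the sentence reads better as "We strongly recommend only passing non-shared resources to the template and using some sort of whitelisting for attributes." In the first paragraph, "templates with arbitrary HTML in so it's crucial" is hard to parse; suggest "templates containing arbitrary HTML, so it's crucial". The closing paragraph could be more useful to readers if it named the exception class the surrounding text already shows: the context line above the hunk ("SecurityError: access to attribute 'func_code' of 'function' object is unsafe.") documents that unsafe attribute access raises SecurityError at render time, so "templates may raise runtime or compile time errors" would be clearer as "templates may raise compile time errors or runtime errors such as SecurityError, so make sure to catch them". Finally, the admonition body lines appear indented by a single space after the leading "+"; reST requires the body of an admonition to be indented consistently relative to the directive, so please confirm the file uses the same indentation as the rest of docs/sandbox.rst.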