| author | Armin Ronacher <armin.ronacher@active-4.com> | 2008-05-28 11:26:59 +0200 |
|---|---|---|
| committer | Armin Ronacher <armin.ronacher@active-4.com> | 2008-05-28 11:26:59 +0200 |
| commit | 9bb7e4779182490abc6e1784b0ee63d22b91b11e (patch) | |
| tree | c3d0fc34b160a00e1f738118c9cf0b5e34e25822 /docs/sandbox.rst | |
| parent | d71fff001dcf0d2a689c7db6003fc0e1cc0846c6 (diff) | |
| download | jinja2-9bb7e4779182490abc6e1784b0ee63d22b91b11e.tar.gz | |
some more documentation updates and minor code cleanups. Additionally True and true in the template are the same now, same for false/False and none/None.
--HG--
branch : trunk
Diffstat (limited to 'docs/sandbox.rst')

| -rw-r--r-- | docs/sandbox.rst | 15 |
|---|---|---|

1 files changed, 15 insertions, 0 deletions
diff --git a/docs/sandbox.rst b/docs/sandbox.rst index f6ec78c..bb0ca9f 100644 --- a/docs/sandbox.rst +++ b/docs/sandbox.rst @@ -29,3 +29,18 @@ SecurityError: access to attribute 'func_code' of 'function' object is unsafe. .. autofunction:: is_internal_attribute .. autofunction:: modifies_known_mutable + +.. admonition:: Note + + The Jinja2 sandbox alone is no solution for perfect security. Especially + for web applications you have to keep in mind that users may create + templates with arbitrary HTML in so it's crucial to ensure that (if you + are running multiple users on the same server) they can't harm each other + via JavaScript insertions and much more. + + Also the sandbox is only as good as the configuration. We stronly + recommend only passing non-shared resources to the template and use + some sort of whitelisting for attributes. + + Also keep in mind that templates may raise runtime or compile time errors, + so make sure to catch them. |
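Review bot: the new admonition carries a typo and two grammar slips that should be fixed before this lands: "stronly" should read "strongly"; "templates with arbitrary HTML in so it's crucial" should read "templates with arbitrary HTML in them, so it's crucial"; and "recommend only passing non-shared resources to the template and use some sort of whitelisting" should read "recommend passing only non-shared resources to the template and using some sort of whitelist". The closing paragraph tells readers to catch runtime and compile time errors but does not say which exception to catch; the context line at the top of the hunk already shows `SecurityError` being raised for a blocked attribute access, so naming it there would make the advice actionable. Likewise, "some sort of whitelisting for attributes" would be clearer if it pointed at the two helpers documented directly above the hunk (`is_internal_attribute` and `modifies_known_mutable`) as the starting point for such a whitelist.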