added attr filter

--HG-- branch : trunk
author: Armin Ronacher <armin.ronacher@active-4.com> 2008-05-26 13:35:58 +0200
committer: Armin Ronacher <armin.ronacher@active-4.com> 2008-05-26 13:35:58 +0200
commit: 24b6558c3e8ea20d3f08481377970e53a80db33a (patch)
tree: b502205cf04ba821ea94c9817df03a4cfbc46834 /tests/test_security.py
parent: f15f5f7fd77d93bf46b5db91e4f9820f25b7dd8d (diff)
download: jinja2-24b6558c3e8ea20d3f08481377970e53a80db33a.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/tests/test_security.py b/tests/test_security.py
index 68b1515..7c812c0 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -6,10 +6,12 @@
     :copyright: 2007 by Armin Ronacher.
     :license: BSD, see LICENSE for more details.
 """
+from py.test import raises
 from jinja2 import Environment
 from jinja2.sandbox import SandboxedEnvironment, \
      ImmutableSandboxedEnvironment, unsafe
 from jinja2 import Markup, escape
+from jinja2.exceptions import SecurityError
 
 
 class PrivateStuff(object):
@@ -132,3 +134,9 @@ def test_template_data():
     assert escape(t.module) == escaped_out
     assert t.module.say_hello('<blink>foo</blink>') == escaped_out
     assert escape(t.module.say_hello('<blink>foo</blink>')) == escaped_out
+
+
+def test_attr_filter():
+    env = SandboxedEnvironment()
+    tmpl = env.from_string('{{ 42|attr("__class__")|attr("__subclasses__")() }}')
+    raises(SecurityError, tmpl.render)
author	Armin Ronacher <armin.ronacher@active-4.com>	2008-05-26 13:35:58 +0200
committer	Armin Ronacher <armin.ronacher@active-4.com>	2008-05-26 13:35:58 +0200
commit	24b6558c3e8ea20d3f08481377970e53a80db33a (patch)
tree	b502205cf04ba821ea94c9817df03a4cfbc46834 /tests/test_security.py
parent	f15f5f7fd77d93bf46b5db91e4f9820f25b7dd8d (diff)
download	jinja2-24b6558c3e8ea20d3f08481377970e53a80db33a.tar.gz