diff options
author | Armin Ronacher <armin.ronacher@active-4.com> | 2008-05-26 13:35:58 +0200 |
---|---|---|
committer | Armin Ronacher <armin.ronacher@active-4.com> | 2008-05-26 13:35:58 +0200 |
commit | 24b6558c3e8ea20d3f08481377970e53a80db33a (patch) | |
tree | b502205cf04ba821ea94c9817df03a4cfbc46834 /tests/test_security.py | |
parent | f15f5f7fd77d93bf46b5db91e4f9820f25b7dd8d (diff) | |
download | jinja2-24b6558c3e8ea20d3f08481377970e53a80db33a.tar.gz |
added attr filter
--HG--
branch : trunk
Diffstat (limited to 'tests/test_security.py')
-rw-r--r-- | tests/test_security.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/tests/test_security.py b/tests/test_security.py index 68b1515..7c812c0 100644 --- a/tests/test_security.py +++ b/tests/test_security.py @@ -6,10 +6,12 @@ :copyright: 2007 by Armin Ronacher. :license: BSD, see LICENSE for more details. """ +from py.test import raises from jinja2 import Environment from jinja2.sandbox import SandboxedEnvironment, \ ImmutableSandboxedEnvironment, unsafe from jinja2 import Markup, escape +from jinja2.exceptions import SecurityError class PrivateStuff(object): @@ -132,3 +134,9 @@ def test_template_data(): assert escape(t.module) == escaped_out assert t.module.say_hello('<blink>foo</blink>') == escaped_out assert escape(t.module.say_hello('<blink>foo</blink>')) == escaped_out + + +def test_attr_filter(): + env = SandboxedEnvironment() + tmpl = env.from_string('{{ 42|attr("__class__")|attr("__subclasses__")() }}') + raises(SecurityError, tmpl.render) |