sandbox str.format_map

author: Armin Ronacher <armin.ronacher@active-4.com> 2019-04-06 10:50:47 -0700
committer: David Lord <davidism@gmail.com> 2019-04-06 10:50:47 -0700
commit: a2a6c930bcca591a25d2b316fcfd2d6793897b26 (patch)
tree: 5a19258a1733736f663d75048747ca4a767c6d3c /tests/test_security.py
parent: 78d2f672149e5b9b7d539c575d2c1bfc12db67a9 (diff)
download: jinja2-a2a6c930bcca591a25d2b316fcfd2d6793897b26.tar.gz
1 files changed, 19 insertions, 0 deletions
diff --git a/tests/test_security.py b/tests/test_security.py
index 8e4222e..5c8639c 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -187,3 +187,22 @@ class TestStringFormat(object):
         env = SandboxedEnvironment()
         t = env.from_string('{{ ("a{0.foo}b{1}"|safe).format({"foo": 42}, "<foo>") }}')
         assert t.render() == 'a42b&lt;foo&gt;'
+
+
+@pytest.mark.sandbox
+@pytest.mark.skipif(not hasattr(str, 'format_map'), reason='requires str.format_map method')
+class TestStringFormatMap(object):
+    def test_basic_format_safety(self):
+        env = SandboxedEnvironment()
+        t = env.from_string('{{ "a{x.__class__}b".format_map({"x":42}) }}')
+        assert t.render() == 'ab'
+
+    def test_basic_format_all_okay(self):
+        env = SandboxedEnvironment()
+        t = env.from_string('{{ "a{x.foo}b".format_map({"x":{"foo": 42}}) }}')
+        assert t.render() == 'a42b'
+
+    def test_safe_format_all_okay(self):
+        env = SandboxedEnvironment()
+        t = env.from_string('{{ ("a{x.foo}b{y}"|safe).format_map({"x":{"foo": 42}, "y":"<foo>"}) }}')
+        assert t.render() == 'a42b&lt;foo&gt;'
author	Armin Ronacher <armin.ronacher@active-4.com>	2019-04-06 10:50:47 -0700
committer	David Lord <davidism@gmail.com>	2019-04-06 10:50:47 -0700
commit	a2a6c930bcca591a25d2b316fcfd2d6793897b26 (patch)
tree	5a19258a1733736f663d75048747ca4a767c6d3c /tests/test_security.py
parent	78d2f672149e5b9b7d539c575d2c1bfc12db67a9 (diff)
download	jinja2-a2a6c930bcca591a25d2b316fcfd2d6793897b26.tar.gz