From ffe0caa1f03a4131e5b740cb34847771d4ca8887 Mon Sep 17 00:00:00 2001
From: Armin Ronacher
Date: Fri, 6 Jan 2017 21:01:47 +0100
Subject: Expect format
---
 jinja2/sandbox.py | 81 +++++++++++++++++++++++--------------------------
 tests/test_security.py | 3 +-
 2 files changed, 39 insertions(+), 45 deletions(-)
diff --git a/jinja2/sandbox.py b/jinja2/sandbox.py
index 549c427..b1462b5 100644
--- a/jinja2/sandbox.py
+++ b/jinja2/sandbox.py
@@ -20,11 +20,8 @@ from jinja2.exceptions import SecurityError
 from jinja2._compat import string_types, text_type, PY2
 from jinja2.utils import Markup
-has_format = False
-if hasattr(text_type, 'format'):
- from markupsafe import EscapeFormatter
- from string import Formatter
- has_format = True
+from markupsafe import EscapeFormatter
+from string import Formatter
 #: maximum number of items a range may produce
@@ -82,13 +79,11 @@ except ImportError:
 pass
 #: register Python 2.6 abstract base classes
-try:
- from collections import MutableSet, MutableMapping, MutableSequence
- _mutable_set_types += (MutableSet,)
- _mutable_mapping_types += (MutableMapping,)
- _mutable_sequence_types += (MutableSequence,)
-except ImportError:
- pass
+from collections import MutableSet, MutableMapping, MutableSequence
+_mutable_set_types += (MutableSet,)
+_mutable_mapping_types += (MutableMapping,)
+_mutable_sequence_types += (MutableSequence,)
+
 _mutable_spec = (
 (_mutable_set_types, frozenset([
@@ -140,8 +135,6 @@ class _MagicFormatMapping(Mapping):
 def inspect_format_method(callable):
- if not has_format:
- return None
 if not isinstance(callable, (types.MethodType, types.BuiltinMethodType)) or \
 callable.__name__ != 'format':
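Review bot: In the `@@ -82,13 +79,11 @@` hunk the ABC import is now unconditional but still reads from `collections`; on Python 3 these classes live in `collections.abc`, and the aliases in `collections` were removed in later releases, so on such an interpreter `import jinja2.sandbox` would fail outright. Failing loudly is the safer direction, since the `_mutable_*_types` tuples feed `_mutable_spec` and an unregistered ABC would presumably weaken `ImmutableSandboxedEnvironment` without any signal. The import should prefer `from collections.abc import MutableSet, MutableMapping, MutableSequence` and fall back to `collections` only on Python 2; the module already imports `PY2` for that kind of switch. The retained comment `#: register Python 2.6 abstract base classes` could then say that the registration is mandatory rather than best-effort.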
@@ -446,35 +439,37 @@ class ImmutableSandboxedEnvironment(SandboxedEnvironment):
 return not modifies_known_mutable(obj, attr)
-if has_format:
- # This really is not a public API apparenlty.
- try:
- from _string import formatter_field_name_split
- except ImportError:
- def formatter_field_name_split(field_name):
- return field_name._formatter_field_name_split()
+# This really is not a public API apparenlty.
+try:
+ from _string import formatter_field_name_split
+except ImportError:
+ def formatter_field_name_split(field_name):
+ return field_name._formatter_field_name_split()
- class SandboxedFormatterMixin(object):
- def __init__(self, env):
- self._env = env
+class SandboxedFormatterMixin(object):
- def get_field(self, field_name, args, kwargs):
- first, rest = formatter_field_name_split(field_name)
- obj = self.get_value(first, args, kwargs)
- for is_attr, i in rest:
- if is_attr:
- obj = self._env.getattr(obj, i)
- else:
- obj = self._env.getitem(obj, i)
- return obj, first
-
- class SandboxedFormatter(SandboxedFormatterMixin, Formatter):
- def __init__(self, env):
- SandboxedFormatterMixin.__init__(self, env)
- Formatter.__init__(self)
-
- class SandboxedEscapeFormatter(SandboxedFormatterMixin, EscapeFormatter):
- def __init__(self, env, escape):
- SandboxedFormatterMixin.__init__(self, env)
- EscapeFormatter.__init__(self, escape)
+ def __init__(self, env):
+ self._env = env
+
+ def get_field(self, field_name, args, kwargs):
+ first, rest = formatter_field_name_split(field_name)
+ obj = self.get_value(first, args, kwargs)
+ for is_attr, i in rest:
+ if is_attr:
+ obj = self._env.getattr(obj, i)
+ else:
+ obj = self._env.getitem(obj, i)
+ return obj, first
+
+class SandboxedFormatter(SandboxedFormatterMixin, Formatter):
+
+ def __init__(self, env):
+ SandboxedFormatterMixin.__init__(self, env)
+ Formatter.__init__(self)
+
+class SandboxedEscapeFormatter(SandboxedFormatterMixin, EscapeFormatter):
+
+ def __init__(self, env, escape):
+ SandboxedFormatterMixin.__init__(self, env)
+ EscapeFormatter.__init__(self, escape)
diff --git a/tests/test_security.py b/tests/test_security.py
index 33d204c..ff8f2b1 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -12,7 +12,7 @@ import pytest
 from jinja2 import Environment
 from jinja2.sandbox import SandboxedEnvironment, \
- ImmutableSandboxedEnvironment, unsafe, has_format
+ ImmutableSandboxedEnvironment, unsafe
 from jinja2 import Markup, escape
 from jinja2.exceptions import SecurityError, TemplateSyntaxError, \
 TemplateRuntimeError
@@ -166,7 +166,6 @@ class TestSandbox(object):
 @pytest.mark.sandbox
-@pytest.mark.skipif(not has_format, reason='No format support')
 class TestStringFormat(object):
 def test_basic_format_safety(self):
-- cgit v1.2.1
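Review bot: `SandboxedFormatterMixin`, `SandboxedFormatter` and `SandboxedEscapeFormatter` in the `@@ -446,35 +439,37 @@` hunk become unconditional module-level names but carry no docstring, although `get_field` is the one place where each attribute or index step of a format field is routed through `self._env.getattr` / `self._env.getitem`. I would add to the mixin `"""Formatter mixin that resolves every attribute and item step of a replacement field through the environment's sandboxed getattr/getitem."""` and note on `__init__` that `env` is expected to be a sandboxed environment, since the protection is only as strict as the `getattr`/`getitem` that object supplies. In the loop `for is_attr, i in rest:` the name `i` holds an attribute name or a lookup key rather than a counter, so `key` would read more clearly. The moved comment still spells `apparenlty`, and it could say that the `except ImportError` branch relies on the private `_formatter_field_name_split` string method, which I take to be the Python 2 path.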