Is there a way to disable or override mathematical operations?
Background: I'm thinking of using Jinja2 for user-created templates
(e.g. any registered user on my site can create a template that'll be
rendered on my server). I'm wondering if this can be made safe with
Jinja2 using the sandbox?
An obvious problem is the user using lots of memory by evaluating a
large operation like "{{ 99999999**999999999 }}"
Also, the same problem exists with evaluating the "range" function.
I'd like to keep that available, but I also want to limit the size of
iterables that the user may create. I see no way of evaluating whether
a callable is safe in the context of the arguments that are passed to
it.
Thanks,
Kenji
--
You received this message because you are subscribed to the Google Groups
"pocoo-libs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pocoo-libs?hl=en.
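One way to bound both cases raised in the question, as an added example that is not part of the original post or of the Jinja2 project itself. It subclasses `SandboxedEnvironment`, routes `**` through `call_binop` via `intercepted_binops`, and swaps the sandbox's `range` global for a length-checked one; `MAX_EXPONENT`, `MAX_RANGE_LEN`, `bounded_range` and `BoundedSandbox` are assumed names and policy values chosen for this example.

```python
"""Bound the cost of arithmetic and range() in untrusted Jinja2 templates."""
from jinja2.sandbox import SandboxedEnvironment, SecurityError

MAX_EXPONENT = 64       # assumed policy limit, not a Jinja2 constant
MAX_RANGE_LEN = 10_000  # assumed policy limit on iterables built via range()


def bounded_range(*args):
    """Replacement for range() that refuses to build oversized sequences."""
    rng = range(*args)
    if len(rng) > MAX_RANGE_LEN:
        raise OverflowError(f"range too large: {len(rng)} > {MAX_RANGE_LEN}")
    return rng


class BoundedSandbox(SandboxedEnvironment):
    # Only operators listed here are compiled to environment.call_binop();
    # '**' is the one that can exhaust memory/CPU, so intercept it.
    intercepted_binops = frozenset(["**"])

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        # The sandbox installs its own safe_range; override with our tighter one.
        self.globals["range"] = bounded_range

    def call_binop(self, context, operator, left, right):
        # Reject before Python evaluates the power, so no big int is ever built.
        if operator == "**" and isinstance(right, int) and abs(right) > MAX_EXPONENT:
            raise SecurityError(f"exponent {right!r} exceeds limit {MAX_EXPONENT}")
        return super().call_binop(context, operator, left, right)


def render_user_template(source, **ctx):
    """Render untrusted template source; raises on a rejected expression."""
    return BoundedSandbox().from_string(source).render(**ctx)


def is_rejected(source):
    """True when the sandbox refuses to evaluate the template."""
    try:
        render_user_template(source)
    except (SecurityError, OverflowError):
        return True
    return False


if __name__ == "__main__":
    print(render_user_template("{{ 2 ** 10 }}, {{ range(3) | list }}"))
    print(is_rejected("{{ 99999999 ** 999999999 }}"))
```

The exponent check sees only the right operand, so a chain like `{{ 2 ** 64 ** 1 }}` is still bounded per step; a base that is itself huge must be limited by whatever produced it (here, the same check).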