comparison genshi/template/base.py @ 647:5af131b37ab4 experimental-sandboxed
restricted is the new secure
author | aronacher |
---|---|
date | Wed, 26 Sep 2007 17:56:41 +0000 |
parents | 1cf5fdfe7214 |
children | c7dcd4dc240d |
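--- a/genshi/template/base.py
+++ b/genshi/template/base.py
@@ -303,11 +303,11 @@
 serializer = None
 _number_conv = unicode # function used to convert numbers to event data
 
 def __init__(self, source, basedir=None, filename=None, loader=None,
 encoding=None, lookup='strict', allow_exec=True,
-secure=False):
+restricted=False):
 """Initialize a template from either a string, a file-like object, or
 an already parsed markup stream.
 
 :param source: a string, file-like object, or markup stream to read the
 template from
@@ -322,13 +322,13 @@
 :param encoding: the encoding of the `source`
 :param lookup: the variable lookup mechanism; either "strict" (the
 default), "lenient", or a custom lookup class
 :param allow_exec: whether Python code blocks in templates should be
 allowed
-:param secure: whether genshi should evaluate the template in safe
+:param restricted: whether genshi should evaluate the template in safe
 mode. See the documentation on the sandbox features
-for more details. In secure mode allow_exec is
+for more details. In restricted mode allow_exec is
 automatically disabled.
 
 :note: Changed in 0.5: Added the `allow_exec` argument
 """
 self.basedir = basedir
@@ -337,12 +337,12 @@
 self.filepath = os.path.join(basedir, filename)
 else:
 self.filepath = filename
 self.loader = loader
 self.lookup = lookup
-self.allow_exec = not secure and allow_exec
-self.secure = secure
+self.allow_exec = not restricted and allow_exec
+self.restricted = restricted
 
 self.filters = [self._flatten, self._eval, self._exec]
 if loader:
 self.filters.append(self._include)
 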
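Review bot: The docstring for the renamed parameter (new line 327) still promises evaluation "in safe mode", which keeps the security claim the rename from `secure` to `restricted` appears meant to drop; `:param restricted: whether genshi should evaluate the template in restricted mode.` would match the new name. The `:note:` at line 332 records only `allow_exec`, so the new keyword is not documented as an API change. At line 342, `self.allow_exec = not restricted and allow_exec` is evaluated once in the constructor and both values are stored as plain attributes, so a later assignment to `restricted` or `allow_exec` on the instance would leave the two out of step; a comment such as `# invariant: restricted implies allow_exec is False; do not reassign after construction` would make that explicit. Callers still passing `secure=` fail loudly, but any code that reads the old `.secure` attribute defensively (for example via `getattr` with a default) would presumably see the sandbox as off, so the other users of that attribute are worth checking. `__init__` continues outside the visible hunks.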