security: Adopt Jinja2 SandboxedEnvironment for template rendering. (#13305)

Yihang Wang
2026-03-02 13:17:29 +08:00
committed by GitHub
parent 860c4bd0bb
commit 7fc97da610
2 changed files with 8 additions and 4 deletions


@ -18,7 +18,9 @@ import re
from abc import ABC
from typing import Any
from jinja2 import Template as Jinja2Template
from jinja2.sandbox import SandboxedEnvironment
_jinja2_sandbox = SandboxedEnvironment()
from agent.component.base import ComponentParamBase
from common.connection_utils import timeout
from .message import Message
@ -96,7 +98,7 @@ class StringTransform(Message, ABC):
script, kwargs = self.get_kwargs(script, kwargs, self._param.delimiters[0])
if self._is_jinjia2(script):
template = Jinja2Template(script)
template = _jinja2_sandbox.from_string(script)
try:
script = template.render(kwargs)
except Exception: