jinja-vanish

Customizable auto-escaping for jinja2.


License
MIT
Install
pip install jinja-vanish==0.1

Documentation

Jinja vanish: Escape like a ninja

When Jinja2 templates are used to produce non-HTML output (SQL, shell commands, configuration files), Jinja2's built-in autoescaping is of no use: it is hardcoded to the HTML escape function and to MarkupSafe's Markup objects.

jinja_vanish makes custom auto-escaping possible by overriding the escape function inside the generated template code (through an extended code generator) and replacing the built-in |e and |escape filters with it. Usage is fairly simple. The example below escapes values for a Postgres SQL statement with psycopg2's adapt(), the same adaptation machinery cursor.mogrify() relies on:

from datetime import datetime

from jinja_vanish import DynAutoEscapeEnvironment, markup_escape_func
from psycopg2.extensions import adapt

@markup_escape_func
def sql_escape(v):
    # The decorator passes values that are already Markup through
    # untouched and wraps the result in Markup(); it is otherwise not
    # required. adapt() returns an adapter whose str() is the quoted
    # SQL literal, e.g. '...'::timestamp for a datetime.
    return adapt(v)


env = DynAutoEscapeEnvironment(autoescape=True, escape_func=sql_escape)
tpl = env.from_string('SELECT * FROM foo where post_date <= {{now}}')

print(tpl.render(now=datetime.now()))

Running it outputs:

SELECT * FROM foo where post_date <= '2016-01-24T23:23:22.727789'::timestamp

Two caveats apply. adapt() produces quoted literals, so it protects values only; it cannot be used for identifiers such as table or column names, which must still come from a trusted allow-list. And, exactly as with HTML autoescaping, a value that is already marked safe (wrapped in Markup or passed through |safe) is emitted verbatim, so every use of those in a template is a place where untrusted input would reach the SQL unescaped.
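The mechanism the example relies on (a marker type for already-escaped text, an escape function that respects it, and a renderer that applies that function to every placeholder) is shown below reduced to the Python standard library, so it runs without jinja2, jinja_vanish or psycopg2 installed. This is an added illustration, not jinja_vanish's own code: Safe, safe_escape_func and render are stand-ins for Markup, @markup_escape_func and DynAutoEscapeEnvironment, and the target format is a POSIX shell command line (quoted with shlex.quote) rather than SQL. The path and timestamp inputs are constructed for the demonstration.

```python
import re
import shlex
from datetime import datetime

# Added example, not jinja_vanish's code. Safe / safe_escape_func / render
# are hypothetical stand-ins for Markup / @markup_escape_func /
# DynAutoEscapeEnvironment, reduced to the standard library.


class Safe(str):
    """Marker for text already valid in the target format (here: shell).

    Plays the role MarkupSafe's Markup plays in jinja_vanish: the escape
    function passes these through untouched, so nothing is quoted twice,
    and anything you wrap in Safe yourself bypasses escaping entirely.
    """


def safe_escape_func(func):
    """Wrap an escape function the way @markup_escape_func does."""
    def escape(value):
        if isinstance(value, Safe):
            return value            # already escaped: emit verbatim
        return Safe(func(value))    # escape once, then mark as done
    return escape


@safe_escape_func
def shell_escape(value):
    # shlex.quote single-quotes anything containing shell metacharacters
    # and rewrites embedded ' as '"'"', so ; | $(...) and spaces stay
    # literal. Plain safe tokens (digits, -, :, .) are left bare.
    if isinstance(value, datetime):
        value = value.isoformat()
    return shlex.quote(str(value))


_PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render(template, escape, **context):
    """Minimal stand-in for env.from_string(tpl).render(**context).

    Every {{name}} goes through `escape`; that is what autoescape=True
    buys you: a forgotten |e on one placeholder is no longer possible.
    """
    def substitute(match):
        return escape(context[match.group(1)])
    return _PLACEHOLDER.sub(substitute, template)


def build_find_command(path, since):
    """Render a shell command from untrusted `path` and a datetime."""
    tpl = "find {{path}} -newermt {{since}} -print"
    return render(tpl, shell_escape, path=path, since=since)


if __name__ == "__main__":
    # Constructed attacker input: an injection attempt via the path.
    hostile = "/srv/logs; rm -rf /"
    print(build_find_command(hostile, datetime(2016, 1, 24, 23, 23, 22)))
    # Double application is harmless, Safe input is passed through:
    print(shell_escape(shell_escape("a b")), shell_escape(Safe("$HOME")))
```

The rendered command keeps the hostile path inside one single-quoted word, so the shell sees a file name, not a second command. The last line shows the two properties that matter when reviewing a template: escaping is idempotent, and a Safe (in jinja_vanish: Markup or |safe) value is the only way untrusted text can reach the output unquoted.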