Django template engine to render untrusted template code
Django 3.0 to 6.0
```python
from django.template import Template
from django_safe_template_engine.engine import SafeTemplateEngine

safe_engine = SafeTemplateEngine()
# `source` is the untrusted template string, e.g. user-submitted content
Template(source, engine=safe_engine)
```

```python
from django_safe_template_engine.validators import validate_safe_engine_template_syntax

# `include` is not in the allowed tag list
template_code = '{% include "hacked.html" %}'
validate_safe_engine_template_syntax(template_code)
```

The following tags and filters are allowed by this template engine.
Tags: autoescape, comment, cycle, filter, firstof, for, for … empty, if, ifchanged, lorem, now, partial, partialdef, querystring, regroup, resetcycle, spaceless, templatetag, url, verbatim, widthratio, with

Filters: add, addslashes, capfirst, center, cut, date, default_if_none, default, dictsort, dictsortreversed, divisibleby, escape, escapejs, filesizeformat, first, floatformat, force_escape, get_digit, iriencode, join, json_script, last, length_is, length, linebreaks, linebreaksbr, linenumbers, ljust, lower, make_list, phone2numeric, pluralize, random, rjust, safe, safeseq, slice, slugify, stringformat, striptags, time, timesince, timeuntil, title, truncatechars_html, truncatechars, truncatewords_html, truncatewords, unordered_list, upper, urlencode, urlize, urlizetrunc, wordcount, wordwrap, yesno
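As an added example (not part of this project's code), here is a standard-library-only lint that reports which tags and filters in a template fall outside the allow-lists above, for auditing stored templates before moving them to this engine. The regex parsing only approximates Django's lexer, and `audit_template` and the sample template are constructed for illustration.

```python
import re

# Allow-lists copied from the tag and filter lists in this README.
ALLOWED_TAGS = set("""autoescape comment cycle filter firstof for if ifchanged lorem
now partial partialdef querystring regroup resetcycle spaceless templatetag url
verbatim widthratio with""".split())
ALLOWED_FILTERS = set("""add addslashes capfirst center cut date default_if_none
default dictsort dictsortreversed divisibleby escape escapejs filesizeformat first
floatformat force_escape get_digit iriencode join json_script last length_is length
linebreaks linebreaksbr linenumbers ljust lower make_list phone2numeric pluralize
random rjust safe safeseq slice slugify stringformat striptags time timesince
timeuntil title truncatechars_html truncatechars truncatewords_html truncatewords
unordered_list upper urlencode urlize urlizetrunc wordcount wordwrap yesno""".split())
BRANCH_TAGS = {"elif", "else", "empty"}  # belong to an enclosing if / for block

# Bodies of comment/verbatim blocks and {# #} comments are never parsed as tags.
RAW_BLOCK_RE = re.compile(r"\{%\s*(comment|verbatim)\b.*?%\}.*?\{%\s*end\1\b.*?%\}", re.S)
COMMENT_RE = re.compile(r"\{#.*?#\}")
TAG_RE = re.compile(r"\{%\s*(\w+)(.*?)%\}", re.S)
VAR_RE = re.compile(r"\{\{(.*?)\}\}", re.S)
STRING_RE = re.compile(r"\"[^\"]*\"|'[^']*'")  # a literal may contain "|"
FILTER_RE = re.compile(r"\|\s*(\w+)")

def audit_template(source):
    """Return (tags, filters) used in `source` that are outside the allow-lists."""
    source = COMMENT_RE.sub("", RAW_BLOCK_RE.sub("", source))
    bad_tags, bad_filters = set(), set()
    expressions = VAR_RE.findall(source)
    for name, args in TAG_RE.findall(source):
        # Report a closing tag under the name of its opening tag.
        base = name[3:] if name.startswith("end") and len(name) > 3 else name
        if base not in ALLOWED_TAGS and base not in BRANCH_TAGS:
            bad_tags.add(base)
        # {% filter a|b %} names its first filter without a leading pipe.
        expressions.append("|" + args if name == "filter" else args)
    for expr in expressions:
        for flt in FILTER_RE.findall(STRING_RE.sub('""', expr)):
            if flt not in ALLOWED_FILTERS:
                bad_filters.add(flt)
    return sorted(bad_tags), sorted(bad_filters)

# Constructed sample template, not taken from a real project.
SAMPLE = """{% load i18n %}
{% for item in items %}{{ item.name|title|pprint }}{% empty %}none{% endfor %}
{% filter lower|custom_shout %}{{ note|default:"a|b" }}{% endfilter %}
{% verbatim %}{% include "x.html" %}{% endverbatim %}
{% include "hacked.html" %}"""
```

A non-empty result lists what to remove or rewrite; the engine and `validate_safe_engine_template_syntax` remain the actual enforcement point.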
You want to add awesome features to Django Safe Template Engine? Here's how!
- Fork this repository
- Commit and push to your forked repository
- Open a pull request to merge your work into this repository
You can use tox to run the code formatting / type checking tools, and run the test suite:
```sh
tox run
```

For a more relevant git blame, you can configure git to use the file .git-blame-ignore-revs as blame.ignoreRevsFile:

```sh
git config blame.ignoreRevsFile .git-blame-ignore-revs
```