fix f-string syntax error in code generation (#1852)
davidism authored Dec 20, 2024
2 parents 48b0687 + 56a7246 commit 767b236
Showing 3 changed files with 28 additions and 1 deletion.
3 changes: 3 additions & 0 deletions CHANGES.rst
Expand Up @@ -8,6 +8,9 @@ Unreleased
- The sandboxed environment handles indirect calls to ``str.format``, such as
by passing a stored reference to a filter that calls its argument.
:ghsa:`q2x7-8rv6-6q7h`
- Escape template name before formatting it into error messages, to avoid
issues with names that contain f-string syntax.
:issue:`1792`, :ghsa:`gmj6-6f8f-6699`
- Sandbox does not allow ``clear`` and ``pop`` on known mutable sequence
types. :issue:`2032`
- Calling sync ``render`` for an async template uses ``asyncio.run``.
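Review bot: The new entry says only "avoid issues with names that contain f-string syntax" and does not name the issue, even though it carries a :ghsa: reference. Consider stating the effect directly, for example that curly braces in a template name were evaluated as an f-string expression when the import error message was built, so that someone scanning the changelog can tell whether loading templates with untrusted names affects them.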
7 changes: 6 additions & 1 deletion src/jinja2/compiler.py
Expand Up @@ -1141,9 +1141,14 @@ def visit_FromImport(self, node: nodes.FromImport, frame: Frame) -> None:
)
self.writeline(f"if {frame.symbols.ref(alias)} is missing:")
self.indent()
# The position will contain the template name, and will be formatted
# into a string that will be compiled into an f-string. Curly braces
# in the name must be replaced with escapes so that they will not be
# executed as part of the f-string.
position = self.position(node).replace("{", "{{").replace("}", "}}")
message = (
"the template {included_template.__name__!r}"
f" (imported on {self.position(node)})"
f" (imported on {position})"
f" does not export the requested name {name!r}"
)
self.writeline(
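Review bot: Only `position` is brace-escaped, but `{name!r}` on the last line of `message` is interpolated at compile time into the same string that is later compiled as an f-string. If `name` can only ever be a parsed identifier, a short comment saying so would make it clear why it needs no escaping; otherwise it should get the same `.replace("{", "{{").replace("}", "}}")` treatment. Since the escape is written inline here, it may also be worth a small helper so that any other place that writes `self.position(node)` into generated f-string source uses the same escaping.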
19 changes: 19 additions & 0 deletions tests/test_compile.py
@@ -1,6 +1,9 @@
import os
import re

import pytest

from jinja2 import UndefinedError
from jinja2.environment import Environment
from jinja2.loaders import DictLoader

Expand Down Expand Up @@ -87,3 +90,19 @@ def test_block_set_vars_unpacking_deterministic(tmp_path):
content,
)[:10]
assert found == expect


def test_undefined_import_curly_name():
env = Environment(
loader=DictLoader(
{
"{bad}": "{% from 'macro' import m %}{{ m() }}",
"macro": "",
}
)
)

# Must not raise `NameError: 'bad' is not defined`, as that would indicate
# that `{bad}` is being interpreted as an f-string. It must be escaped.
with pytest.raises(UndefinedError):
env.get_template("{bad}").render()
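Review bot: The `pytest.raises(UndefinedError)` block checks the exception type only, so it would still pass if the escaping dropped or mangled the template name in the message. Capture the exception (`as exc_info`) and assert that the literal `{bad}` appears in `str(exc_info.value)`, with single braces. The test also covers only a balanced `{bad}`; parametrizing over names with a lone `{` or `}` would cover the case where the unescaped name breaks the generated f-string rather than evaluating an expression.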
