Security — Aquilia Documentation
Comprehensive guide and documentation for Security in the Aquilia framework. View API reference, examples, and implementation patterns.
Templates / Security Template Security Sandbox AquilaTemplates enforces restricted sandboxing by default. The TemplateSandbox class and its accompanying SandboxPolicy prevent templates from executing arbitrary Python scripts or calling unauthorized object methods. SandboxPolicy Options Define sandbox policies by initializing SandboxPolicy with custom whitelists, or use the pre-configured classmethod presets: from aquilia.templates import SandboxPolicy, TemplateSandbox # 1. Custom Whitelist Security Policy policy = SandboxPolicy( allow_unsafe_filters=False, allow_unsafe_tests=False, allow_unsafe_globals=False, allowed_filters= , allowed_tests= , allowed_globals= , autoescape=True, autoescape_extensions=["html", "htm", "xml", "xhtml"], max_recursion_depth=50 ) sandbox = TemplateSandbox(policy=policy, immutable=True) Standard Policy Presets SandboxPolicy.strict() (Default) Blocks all unsafe actions, filters, tests, and globals. Allows only whitelisted operations. Perfect for production environments rendering user-submitted templates. SandboxPolicy.permissive() Expands the allowed filters and tests list (adding operations like tojson and xmlattr) to aid in diagnostic reporting and development-level debugging. Sandbox Whitelist References The following standard features are whitelisted out-of-the-box by the default strict policy: , , ].map((item, i) => ( ))} Auto-Escaping & XSS Prevention To safeguard templates against Cross-Site Scripting (XSS), the environment automatically escapes standard variables matching the autoescape_extensions set: } } } Loaders Mail )
Go to Homepage