paperless-ngx/src/documents/templating/environment.py

from jinja2.sandbox import SandboxedEnvironment


class JinjaEnvironment(SandboxedEnvironment):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.undefined_tracker = None

    def is_safe_callable(self, obj):
        # Block access to .save() and .delete() methods
        if callable(obj) and getattr(obj, "__name__", None) in (
            "save",
            "delete",
            "update",
        ):
            return False
        # Call the parent method for other cases
        return super().is_safe_callable(obj)


_template_environment = JinjaEnvironment(
    trim_blocks=True,
    lstrip_blocks=True,
    keep_trailing_newline=False,
    autoescape=False,
    extensions=["jinja2.ext.loopcontrols"],
)
Enhancement: jinja template support for workflow title assignment (#10700) --------- Co-authored-by: Trenton Holmes <797416+stumpylog@users.noreply.github.com> Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com> 2025-09-11 15:56:16 +02:00			`from jinja2.sandbox import SandboxedEnvironment`


			`class JinjaEnvironment(SandboxedEnvironment):`
			`def __init__(self, args, *kwargs):`
			`super().__init__(args, *kwargs)`
			`self.undefined_tracker = None`

			`def is_safe_callable(self, obj):`
			`# Block access to .save() and .delete() methods`
			`if callable(obj) and getattr(obj, "__name__", None) in (`
			`"save",`
			`"delete",`
			`"update",`
			`):`
			`return False`
			`# Call the parent method for other cases`
			`return super().is_safe_callable(obj)`


			`_template_environment = JinjaEnvironment(`
			`trim_blocks=True,`
			`lstrip_blocks=True,`
			`keep_trailing_newline=False,`
			`autoescape=False,`
			`extensions=["jinja2.ext.loopcontrols"],`
			`)`