Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question: Jinja2 package sandboxing #1087

Open
bdashore3 opened this issue Dec 30, 2024 · 2 comments
Open

Question: Jinja2 package sandboxing #1087

bdashore3 opened this issue Dec 30, 2024 · 2 comments

Comments

@bdashore3
Copy link

Hi there,
I was looking into the @huggingface/jinja package as an alternative to nunjucks and was wondering if it's safe to use with user-defined templates. The main reason I'm asking this is because of a warning on the nunjucks website:

nunjucks does not sandbox execution so it is not safe to run user-defined templates or inject user-defined content into template definitions. On the server, you can expose attack vectors for accessing sensitive data and remote code execution. On the client, you can expose cross-site scripting vulnerabilities even for precompiled templates (which can be mitigated with a strong CSP). See this issue for more information.

This is not a huge concern at the moment based on how I handle templates in my software, but I may need to make the switch at some point to something more secure.

If @xenova can answer, that would be very helpful. Thanks!
@xenova
Copy link
Contributor

xenova commented Dec 30, 2024

Hi @bdashore3 👋 Indeed, @huggingface/jinja execution is sandboxed for this exact reason, so you are able to use it to parse user-defined templates.

Do note, however, that the library is not 100% feature compatible with the Jinja templating language, as it is a minimalistic re-implementation, designed specifically for chat templates.

Hopefully that answers your questions!

@bdashore3
Copy link
Author

bdashore3 commented Dec 30, 2024
edited
Loading

Thanks for the quick response @xenova. This seems very helpful for my usecase.

After looking through the package, I had a few questions/suggestions:

  1. Exposing AST types: I tried to traverse the template node tree via template.parsed and can figure out the type of a statement, but I can't check/cast that statement to the appropriate type. For example, a statement with type Set can't be interpreted as a SetStatement since the type isn't exposed from the package. I can try making a PR for this.
  2. Multiline set/endset: This should make it easier when setting variables that span multiple lines (Documentation). This will support tool templates such as FireFunctionV2
  3. Document which filters/features are supported: Every default filter provided by jinja isn't supported in this library, so it would be helpful to new users if they knew what subset of jinja is supported in this lib.

Thanks in advance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bdashore3 @xenova