When parsing json from untrusted sources, remove templating tags

2026-05-07 22:02:50 +00:00 · 2014-06-30 15:59:32 -05:00
parent eeb597360e
commit 8ed6350e65
5 changed files with 41 additions and 19 deletions
--- a/lib/ansible/utils/template.py
+++ b/lib/ansible/utils/template.py
@@ -80,7 +80,6 @@ class Flags:

 FILTER_PLUGINS = None
 _LISTRE = re.compile(r"(\w+)\[(\d+)\]")
-JINJA2_OVERRIDE='#jinja2:'

 def lookup(name, *args, **kwargs):
    from ansible import utils
@@ -231,16 +230,6 @@ def template_from_file(basedir, path, vars, vault_password=None):
    except:
        raise errors.AnsibleError("unable to read %s" % realpath)

-
-    # Get jinja env overrides from template
-    if data.startswith(JINJA2_OVERRIDE):
-        eol = data.find('\n')
-        line = data[len(JINJA2_OVERRIDE):eol]
-        data = data[eol+1:]
-        for pair in line.split(','):
-            (key,val) = pair.split(':')
-            setattr(environment,key.strip(),ast.literal_eval(val.strip()))
-
    environment.template_class = J2Template
    try:
        t = environment.from_string(data)