Skip to content

Commit 03758f3

Browse files
jasmith-hsjasmith-hs
committed
Add test that prevents bypassing the JinjavaBeanELResolver's class
restrictions
1 parent 72b08f5 commit 03758f3

1 file changed

Lines changed: 9 additions & 0 deletions

File tree

src/test/java/com/hubspot/jinjava/lib/tag/ForTagTest.java

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -406,6 +406,15 @@ public void forLoopTupleWithNullValues() {
406406
assertThat(result).isEqualTo(" -1 -1 null null null ");
407407
}
408408

409+
@Test
410+
public void itUsesJinjavaRestrictedResolverOnReadingLoopVars() {
411+
String template =
412+
"""
413+
{% for _, config, class in ____int3rpr3t3r____ %}{{ class }}{% endfor %}""";
414+
String result = interpreter.render(template);
415+
assertThat(result).isEqualTo("");
416+
}
417+
409418
public static boolean inForLoop() {
410419
JinjavaInterpreter interpreter = JinjavaInterpreter.getCurrent();
411420
return interpreter.getContext().isInForLoop();

0 commit comments

Comments
 (0)