
fix(core): add more sanitization to templates #36612

Merged
Eugene Yurtsev (eyurtsev) merged 1 commit into master from eugene/f_template_patch
Apr 8, 2026


Eugene Yurtsev (eyurtsev) (Collaborator) commented Apr 8, 2026

add more sanitization to templates

@github-actions github-actions Bot added core `langchain-core` package issues & PRs internal size: M 200-499 LOC labels Apr 8, 2026
@eyurtsev Eugene Yurtsev (eyurtsev) changed the title core: templates fix(core): add more sanitization to templates Apr 8, 2026
@github-actions github-actions Bot added the fix For PRs that implement a fix label Apr 8, 2026
codspeed-hq Bot commented Apr 8, 2026

Merging this PR will not alter performance

⚠️ Unknown Walltime execution environment detected

Using the Walltime instrument on standard Hosted Runners will lead to inconsistent data.

For the most accurate results, we recommend using CodSpeed Macro Runners: bare-metal machines fine-tuned for performance measurement consistency.

✅ 13 untouched benchmarks
⏩ 27 skipped benchmarks [1]

Comparing eugene/f_template_patch (4334901) with master (65bbd47) [2]

Footnotes

  1. 27 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

  2. No successful run was found on master (7e5858d) during the generation of this report, so 65bbd47 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report.

@eyurtsev Eugene Yurtsev (eyurtsev) marked this pull request as ready for review April 8, 2026 18:10
Copilot AI review requested due to automatic review settings April 8, 2026 18:10
@eyurtsev Eugene Yurtsev (eyurtsev) merged commit af2ed47 into master Apr 8, 2026
182 of 186 checks passed
@eyurtsev Eugene Yurtsev (eyurtsev) deleted the eugene/f_template_patch branch April 8, 2026 18:10
Copilot AI (Contributor) left a comment

Pull request overview

This PR tightens template sanitization for prompt templates, focusing on preventing f-string template injection vectors (attribute access/indexing and nested replacement fields in format specs) and ensuring prompt template types validate their embedded string templates during construction/deserialization.

Changes:

  • Added validate_f_string_template() to centralize f-string template validation and integrated it into get_template_variables() and check_valid_template().
  • Added validation for ImagePromptTemplate and DictPromptTemplate to reject unsafe variable expressions in template string values (including via deserialization).
  • Expanded unit test coverage for rejecting nested replacement fields in format specs and attribute access patterns across prompt template types.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| libs/core/langchain_core/prompts/string.py | Centralizes and strengthens f-string template parsing/validation, including nested replacement field blocking. |
| libs/core/langchain_core/prompts/image.py | Adds validation pass over string template values to reject unsafe variable expressions. |
| libs/core/langchain_core/prompts/dict.py | Adds a Pydantic model validator to ensure dict templates contain only safe variables. |
| libs/core/tests/unit_tests/prompts/test_string.py | Adds tests covering nested replacement fields and safe format specifiers. |
| libs/core/tests/unit_tests/prompts/test_image.py | Adds tests ensuring ImagePromptTemplate rejects attribute access (including via deserialization). |
| libs/core/tests/unit_tests/prompts/test_dict.py | Adds tests ensuring DictPromptTemplate and PromptTemplate reject attribute access (including via deserialization/load paths). |
| libs/core/tests/unit_tests/prompts/test_chat.py | Adds test ensuring nested replacement fields are rejected inside image URL templates in chat prompts. |


Comment on lines +62 to +64
for value in template.values():
if isinstance(value, str):
get_template_variables(value, template_format)
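
Review bot: the call `get_template_variables(value, template_format)` on these lines discards its return value, so it is there only for the validation it performs, and nothing at the call site says so. A one-line comment stating that the call exists to reject unsafe variable expressions would keep a later cleanup from removing it as dead code. The loop also inspects only top-level string values of `template`; if a value can itself be a dict or list that holds strings, those strings are never checked.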

Copilot AI Apr 8, 2026

ImagePromptTemplate.__init__ now calls template.values() before Pydantic validation. If template is not a dict (e.g., malformed payload during deserialization), this will raise an AttributeError rather than a clean validation error. Consider guarding with isinstance(template, dict) (or moving this check into a @model_validator(mode="after") so it runs after field validation) to keep error handling consistent and avoid unexpected exceptions.

Suggested change
for value in template.values():
if isinstance(value, str):
get_template_variables(value, template_format)
if isinstance(template, dict):
for value in template.values():
if isinstance(value, str):
get_template_variables(value, template_format)
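
Review bot: with the `if isinstance(template, dict):` guard in the suggested version, a non-dict `template` skips the unsafe-variable check without any error at this point, so rejecting that input depends entirely on the field validation that runs afterwards. A test that a non-dict payload still fails construction would pin that down; the `@model_validator(mode="after")` placement mentioned in the comment avoids the question, since the check would then always run on the already validated value.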

Copilot uses AI. Check for mistakes.
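
The two patterns named in the review overview, attribute access/indexing in a field name and a nested replacement field inside a format spec, can both be detected with the standard library's `string.Formatter().parse`. The following is an added example, not code from this PR or from langchain-core; `check_f_string_template`, `is_rejected` and `Config` are hypothetical names, and the sample templates are constructed.

```python
from string import Formatter


def check_f_string_template(template: str) -> list[str]:
    """Return the variable names of a format-style template, or raise
    ValueError on the two patterns named in the review overview.
    Hypothetical helper for illustration, not langchain-core's code."""
    names = []
    for _literal, field, spec, _conv in Formatter().parse(template):
        if field is None:  # literal text only, no replacement field
            continue
        # "{cfg.api_key}" or "{rows[0]}": str.format() would walk into the
        # bound object, so only bare identifiers are accepted here. This
        # also rejects positional fields such as "{}" and "{0}".
        if not field.isidentifier():
            raise ValueError(f"unsafe variable expression: {field!r}")
        # "{x:{y}}": parse() returns the spec as the raw string "{y}", and
        # format() would expand it as a second replacement field.
        if spec and ("{" in spec or "}" in spec):
            raise ValueError(f"nested replacement field in spec: {spec!r}")
        names.append(field)
    return names


def is_rejected(template: str) -> bool:
    try:
        check_f_string_template(template)
    except ValueError:
        return True
    return False


class Config:  # constructed stand-in for an object passed as a variable
    api_key = "constructed-secret"


if __name__ == "__main__":
    # Without the check, attribute access reaches data the caller never
    # meant to expose through the template.
    print("{cfg.api_key}".format(cfg=Config()))  # constructed-secret
    print(check_f_string_template("Hi {name:>10} {{x}} {n!r}"))
    for t in ("{cfg.api_key}", "{rows[0]}", "{x:{y}}", "{x:{y.__class__}}"):
        print(t, "rejected" if is_rejected(t) else "accepted")
```

Ordinary format specs such as `{price:.2f}` and conversions such as `{n!r}` still pass, because neither puts a brace inside the spec or a non-identifier in the field name.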