mirror of
https://github.com/hwchase17/langchain.git
synced 2026-03-18 02:53:16 +00:00
6a07b3acda
## Summary
- The inline comment at `langchain_core/prompts/string.py:67-69`
incorrectly states that `SandboxedEnvironment` "blocks ALL
attribute/method access" and that "only simple variable lookups like
`{{variable}}` are allowed."
- In reality, Jinja2's `SandboxedEnvironment` only blocks access to
dunder attributes (`__class__`, `__globals__`, etc.) to prevent sandbox
escapes. Regular attribute access like `{{obj.content}}` and method
calls remain allowed.
- This misleading comment was left behind when a
`_RestrictedSandboxedEnvironment` class was reverted in commit
395c8d0bd4. Updated to accurately describe the actual behavior.
## Why this matters
The comment could mislead developers into trusting partially-untrusted
templates, believing attribute access is blocked when it is not. The
function's docstring already correctly warns against untrusted
templates.
## Test plan
- [ ] No behavioral change — comment-only fix
- [ ] Verified `SandboxedEnvironment` behavior matches updated comment
> This PR was authored with the help of AI tools.