github/langchain
1
0
Fork 0
mirror of https://github.com/hwchase17/langchain.git synced 2026-02-21 14:43:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6a07b3acdadf3ef16ffa9d7b9dc25f73388cd5f8
langchain/libs/core
History
Yi Liu 6a07b3acda fix(core): correct misleading jinja2 sandboxing comment (#35183) 
## Summary
- The inline comment at `langchain_core/prompts/string.py:67-69`
incorrectly states that `SandboxedEnvironment` "blocks ALL
attribute/method access" and that "only simple variable lookups like
`{{variable}}` are allowed."
- In reality, Jinja2's `SandboxedEnvironment` only blocks access to
dunder attributes (`__class__`, `__globals__`, etc.) to prevent sandbox
escapes. Regular attribute access like `{{obj.content}}` and method
calls remain allowed.
- This misleading comment was left behind when a
`_RestrictedSandboxedEnvironment` class was reverted in commit
395c8d0bd4. Updated to accurately describe the actual behavior.

## Why this matters
The comment could mislead developers into trusting partially-untrusted
templates, believing attribute access is blocked when it is not. The
function's docstring already correctly warns against untrusted
templates.

## Test plan
- [ ] No behavioral change — comment-only fix
- [ ] Verified `SandboxedEnvironment` behavior matches updated comment

> This PR was authored with the help of AI tools.
2026-02-16 23:17:22 -05:00
..
langchain_core
fix(core): correct misleading jinja2 sandboxing comment (#35183)
2026-02-16 23:17:22 -05:00
scripts
style: bump ruff version to 0.15 (#35042)
2026-02-12 19:34:02 -05:00
tests
style: bump ruff version to 0.15 (#35042)
2026-02-12 19:34:02 -05:00
extended_testing_deps.txt
Makefile
chore: add make type target (#35015)
2026-02-04 16:16:52 -05:00
pyproject.toml
release(core): 1.2.13 (#35230)
2026-02-15 02:42:13 -05:00
README.md
style(core): lint (#34862)
2026-01-23 23:07:48 -05:00
uv.lock
chore: bump the langchain-deps group across 3 directories with 8 updates (#35257)
2026-02-16 23:11:50 -05:00

README.md

🦜🍎 LangChain Core

PyPI - Version PyPI - License PyPI - Downloads Twitter

Looking for the JS/TS version? Check out LangChain.js.

To help you ship LangChain apps to production faster, check out LangSmith. LangSmith is a unified developer platform for building, testing, and monitoring LLM applications.

Quick Install

pip install langchain-core

🤔 What is this?

LangChain Core contains the base abstractions that power the LangChain ecosystem.

These abstractions are designed to be as modular and simple as possible.

The benefit of having these abstractions is that any provider can implement the required interface and then easily be used in the rest of the LangChain ecosystem.

⛰️ Why build on top of LangChain Core?

The LangChain ecosystem is built on top of langchain-core. Some of the benefits:

  • Modularity: We've designed Core around abstractions that are independent of each other, and not tied to any specific model provider.
  • Stability: We are committed to a stable versioning scheme, and will communicate any breaking changes with advance notice and version bumps.
  • Battle-tested: Core components have the largest install base in the LLM ecosystem, and are used in production by many companies.

📖 Documentation

For full documentation, see the API reference. For conceptual guides, tutorials, and examples on using LangChain, see the LangChain Docs. You can also chat with the docs using Chat LangChain.

📕 Releases & Versioning

See our Releases and Versioning policies.

💁 Contributing

As an open-source project in a rapidly developing field, we are extremely open to contributions, whether it be in the form of a new feature, improved infrastructure, or better documentation.

For detailed information on how to contribute, see the Contributing Guide.

Reference in New Issue View Git Blame Copy Permalink