Make str.format_map with untrusted input safer (#2931)

2026-05-04 15:04:03 +00:00 · 2022-12-08 13:49:07 +01:00
parent 11eecd739d
commit b64c5735a8
12 changed files with 89 additions and 42 deletions
--- a/src/tests/helpers/test_format.py
+++ b/src/tests/helpers/test_format.py
@@ -0,0 +1,9 @@
+from pretix.helpers.format import format_map
+
+
+def test_format_map():
+    assert format_map("Foo {bar}", {"bar": 3}) == "Foo 3"
+    assert format_map("Foo {baz}", {"bar": 3}) == "Foo {baz}"
+    assert format_map("Foo {bar.__module__}", {"bar": 3}) == "Foo {bar.__module__}"
+    assert format_map("Foo {bar!s}", {"bar": 3}) == "Foo 3"
+    assert format_map("Foo {bar:<20}", {"bar": 3}) == "Foo 3"