From 5d793726404cc549b4006cb0a98a428d50173062 Mon Sep 17 00:00:00 2001 From: Jack Wilsdon Date: Sun, 30 Oct 2016 22:11:21 +0000 Subject: [PATCH 1/2] Add stricter checking to "from ... import ..." MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently token parsing on "from ... import ..." is rather "loose" — it sees the following "invalid" code as perfectly valid: {% from "functions" import my_function, %} {% from "functions" import, %} {% from "functions" import %} This is caused by the parser ignoring non-name values where there should be names, either as the first value or after commas. This commit ensures only name values are allowed as the first value and any values after commas in the import section. --- jinja2/parser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jinja2/parser.py b/jinja2/parser.py index 6d1fff6a9..08233642d 100644 --- a/jinja2/parser.py +++ b/jinja2/parser.py @@ -334,7 +334,7 @@ def parse_context(): if parse_context() or self.stream.current.type != 'comma': break else: - break + self.stream.expect('name') if not hasattr(node, 'with_context'): node.with_context = False self.stream.skip_if('comma') From 32afe631c2e4a05fbb4a35078dff46dfaf5e46eb Mon Sep 17 00:00:00 2001 From: David Lord Date: Fri, 7 Jul 2017 09:34:32 -0700 Subject: [PATCH 2/2] add tests and changelog --- CHANGES | 2 ++ tests/test_imports.py | 22 ++++++++++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 6276b1157..500af4e45 100644 --- a/CHANGES +++ b/CHANGES @@ -28,10 +28,12 @@ Version 2.10 - Add ``min`` and ``max`` filters. (`#475`_) - Add tests for all comparison operators: ``eq``, ``ne``, ``lt``, ``le``, ``gt``, ``ge``. (`#665`_) +- ``import`` statement cannot end with a trailing comma. (`#618`_) .. _#469: https://github.com/pallets/jinja/pull/469 .. _#475: https://github.com/pallets/jinja/pull/475 .. _#478: https://github.com/pallets/jinja/pull/478 +.. _#618: https://github.com/pallets/jinja/pull/618 .. _#665: https://github.com/pallets/jinja/pull/665 Version 2.9.6 diff --git a/tests/test_imports.py b/tests/test_imports.py index a6d5161b1..4250eb9d0 100644 --- a/tests/test_imports.py +++ b/tests/test_imports.py @@ -11,7 +11,8 @@ import pytest from jinja2 import Environment, DictLoader -from jinja2.exceptions import TemplateNotFound, TemplatesNotFound +from jinja2.exceptions import TemplateNotFound, TemplatesNotFound, \ + TemplateSyntaxError @pytest.fixture @@ -50,7 +51,24 @@ def test_context_imports(self, test_env): ) assert t.render(foo=42) == '[42|23]' - def test_trailing_comma(self, test_env): + def test_import_needs_name(self, test_env): + test_env.from_string('{% from "foo" import bar %}') + test_env.from_string('{% from "foo" import bar, baz %}') + + with pytest.raises(TemplateSyntaxError): + test_env.from_string('{% from "foo" import %}') + + def test_no_trailing_comma(self, test_env): + with pytest.raises(TemplateSyntaxError): + test_env.from_string('{% from "foo" import bar, %}') + + with pytest.raises(TemplateSyntaxError): + test_env.from_string('{% from "foo" import bar,, %}') + + with pytest.raises(TemplateSyntaxError): + test_env.from_string('{% from "foo" import, %}') + + def test_trailing_comma_with_context(self, test_env): test_env.from_string('{% from "foo" import bar, baz with context %}') test_env.from_string('{% from "foo" import bar, baz, with context %}') test_env.from_string('{% from "foo" import bar, with context %}')