@@ -576,14 +576,13 @@ def visit_FormattedValue(self, node: ast.FormattedValue) -> ast.AST:
576576 return self .node_contents_visit (node )
577577
578578 def visit_TemplateStr (self , node : ast .AST ) -> ast .AST :
579- """Template strings are not allowed by default.
580- Even so, that template strings can be useful in context of Template
581- Engines. A Template String itself is not executed itself, but it
582- contain expressions and need additional template rendering logic
583- applied to it to be useful .
579+ """Template strings are allowed by default.
580+
581+ As Template strings are a very basic template mechanism, that needs
582+ additional rendering logic to be useful, they are not blocked by
583+ default .
584584 Those rendering logic would be affected by RestrictedPython as well.
585585
586- TODO: Deeper review of security implications of template strings.
587586 TODO: Change Type Annotation to ast.TemplateStr when
588587 Support for Python 3.13 is dropped.
589588 """
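Review bot: The visit_TemplateStr docstring now states the policy ("allowed by default") and drops the `TODO: Deeper review of security implications` line without recording what that review relied on; the same TODO is dropped from visit_Interpolation in the next hunk. The retained sentence that rendering logic "would be affected by RestrictedPython as well" holds only when the renderer is itself compiled as restricted code, which this hunk cannot show. A renderer exposed by the host application presumably runs unrestricted, so I would add a sentence such as `Rendering code provided by the host application is not restricted and must treat the contents of a Template as untrusted input.` The method body lies outside this hunk, apart from its final `return self.node_contents_visit(node)`, which appears as context in the next hunk.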
@@ -595,12 +594,13 @@ def visit_TemplateStr(self, node: ast.AST) -> ast.AST:
595594 return self .node_contents_visit (node )
596595
597596 def visit_Interpolation (self , node : ast .AST ) -> ast .AST :
598- """Interpolations are not allowed by default.
599- As Interpolations are part of Template Strings, they will not be
600- reached in the context of RestrictedPython as Template Strings
601- ‚‚are not allowed.
597+ """Interpolations are allowed by default.
598+ As Interpolations are part of Template Strings, they are needed
599+ to be reached in the context of RestrictedPython as Template Strings
600+ are allowed. As a user has to provide additional rendering logic
601+ to make use of Template Strings, the security implications of
602+ Interpolations are limited in the context of RestrictedPython.
602603
603- TODO: Deeper review of security implications of interpolated strings.
604604 TODO: Change Type Annotation to ast.Interpolation when
605605 Support for Python 3.13 is dropped.
606606 """
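Review bot: The visit_Interpolation docstring argues that security impact is limited because a user must supply rendering logic, but per PEP 750 the expression inside an interpolation is evaluated eagerly when the template literal itself is evaluated, before any rendering. Allowing the node is therefore only safe if the inner expression goes through the transformer's usual checks, and the docstring should say so, e.g. `The expression of an Interpolation is evaluated when the template is created and is checked like any other expression.` Whether the body does this cannot be confirmed here, because it lies outside the hunk. As a style point, the summary line lacks the blank line after it that the visit_TemplateStr docstring gained in this commit.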