Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Access to a the templating context object in global functions

See original GitHub issue

Just like #109, It would be quite useful to have access to the render context object inside global functions.

A use case:

I have a CMS system and I need a function which returns the url for content. The code bellow should work, as it works if it were a filter.

env.addGlobal("urlFor", function (content) {
    return this.ctx.baseUrl + "/" + content.slug;
});

Thanks

Issue Analytics

State:
Created 9 years ago
Comments:13 (4 by maintainers)

Top GitHub Comments

1reaction

carljmcommented, Aug 4, 2016

In general, nunjucks doesn’t intend to support untrusted template authors. There are too many ways for a malicious template author to at the very least DoS the system.

That said, I’m not sure either why settings are stored on the context. Convenience maybe?

0reactions

valtidocommented, Aug 5, 2016

here is what the object looks like,


env                 :"development"
etag                :"weak"
etag fn             :wetag(body, encoding)
jsonp callback name :"callback"
query parser        :"extended"
query parser fn     :parseExtendedQueryString(str)
subdomain offset    :2
trust proxy         :false
trust proxy fn      :trustNone()
view                :NunjucksView(name, opts)
view engine         :"njk"
views               :"C:\Users\..\dev\views"
x-powered-by        :true

I was more focused, on the view method, they can serve a different view with a bit of hacking.

but what’s to say you leave that on, forget all about it, and one day nunjucks, decides to extend the settings object to include more sensitive information, the context should display the settings period (as a principal).

I mean security wise, you do not want to expose anything you have explicitly decide to do so.

Top Results From Across the Web

Variables and functions available to templates — CKAN 2.9.7 ...

To see which additional global variables and context attributes are available to a given template, use CKAN's debug footer. Any variables explicitly passed ......

Global objects — Jinja Documentation

This section covers the behavior of global objects in the Jinja namespace and also the ... But what if you want to access...

Accessing the context (or the root object) passed to Handler.js ...

1 Answer 1 · In the template I have an <input type="button"/> in the end. · So you're saying that the user should...

Global Variables in Flask Templates Using Context Processors

In this video I'll show you how to pass global variables and functions to all of your templates in Flask using context processors....

JavaScript Global Object | Contentful

The global object in JavaScript is an always defined object that provides variables and functions, and is available anywhere. In a web browser, ......