langchain Architecture Docs
Home / Function/ _block_jinja2_templates() — langchain Function Reference

_block_jinja2_templates() — langchain Function Reference

Architecture documentation for the _block_jinja2_templates() function in load.py from the langchain codebase.

Function python CoreAbstractions Serialization called by 1

Entity Profile

Dependency Diagram

graph TD
  87ab25e9_a59e_a24e_6a50_7fcddd95becd["_block_jinja2_templates()"]
  05e0e20a_4425_e962_37a4_c6c6f08a700d["load.py"]
  87ab25e9_a59e_a24e_6a50_7fcddd95becd -->|defined in| 05e0e20a_4425_e962_37a4_c6c6f08a700d
  1910dab6_e109_80ec_5bdc_6188e60ebf46["default_init_validator()"]
  1910dab6_e109_80ec_5bdc_6188e60ebf46 -->|calls| 87ab25e9_a59e_a24e_6a50_7fcddd95becd
  style 87ab25e9_a59e_a24e_6a50_7fcddd95becd fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

libs/core/langchain_core/load/load.py lines 152–180

def _block_jinja2_templates(
    class_path: tuple[str, ...],
    kwargs: dict[str, Any],
) -> None:
    """Block jinja2 templates during deserialization for security.

    Jinja2 templates can execute arbitrary code, so they are blocked by default when
    deserializing objects with `template_format='jinja2'`.

    Note:
        We intentionally do NOT check the `class_path` here to keep this simple and
        future-proof. If any new class is added that accepts `template_format='jinja2'`,
        it will be automatically blocked without needing to update this function.

    Args:
        class_path: The class path tuple being deserialized (unused).
        kwargs: The kwargs dict for the class constructor.

    Raises:
        ValueError: If `template_format` is `'jinja2'`.
    """
    _ = class_path  # Unused - see docstring for rationale. Kept to satisfy signature.
    if kwargs.get("template_format") == "jinja2":
        msg = (
            "Jinja2 templates are not allowed during deserialization for security "
            "reasons. Use 'f-string' template format instead, or explicitly allow "
            "jinja2 by providing a custom init_validator."
        )
        raise ValueError(msg)

Domain

Subdomains

Defined In

Called By

Source

Frequently Asked Questions

What does _block_jinja2_templates() do?
_block_jinja2_templates() is a function in the langchain codebase, defined in libs/core/langchain_core/load/load.py.
Where is _block_jinja2_templates() defined?
_block_jinja2_templates() is defined in libs/core/langchain_core/load/load.py at line 152.
What calls _block_jinja2_templates()?
_block_jinja2_templates() is called by 1 function(s): default_init_validator.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free