Also clean template data even if marked unsafe

Fixes #20568
2024-09-14 20:13:21 +02:00 · 2017-02-10 09:34:35 -06:00 · 2017-02-10 09:34:35 -06:00 · 86beb55a90
commit 86beb55a90
parent b5bf525828
1 changed files with 3 additions and 2 deletions
--- a/lib/ansible/template/init.py
+++ b/lib/ansible/template/init.py
@ -281,7 +281,7 @@ class Templar:
    def _clean_data(self, orig_data):
        ''' remove jinja2 template tags from a string '''

-        if not isinstance(orig_data, string_types) or hasattr(orig_data, '__ENCRYPTED__') or hasattr(orig_data, '__UNSAFE__'):
+        if not isinstance(orig_data, string_types) or hasattr(orig_data, '__ENCRYPTED__'):
            return orig_data

        with contextlib.closing(StringIO(orig_data)) as data:
@ -385,11 +385,12 @@ class Templar:
                            overrides=overrides,
                            disable_lookups=disable_lookups,
                        )
+
+                        unsafe = hasattr(result, '__UNSAFE__')
                        if convert_data and not self._no_type_regex.match(variable):
                            # if this looks like a dictionary or list, convert it to such using the safe_eval method
                            if (result.startswith("{") and not result.startswith(self.environment.variable_start_string)) or \
                                    result.startswith("[") or result in ("True", "False"):
-                                unsafe = hasattr(result, '__UNSAFE__')
                                eval_results = safe_eval(result, locals=self._available_variables, include_exceptions=True)
                                if eval_results[1] is None:
                                    result = eval_results[0]