diff --git a/frappe/utils/jinja.py b/frappe/utils/jinja.py
index 7a27fb3c3b..28e3b3d463 100644
--- a/frappe/utils/jinja.py
+++ b/frappe/utils/jinja.py
@@ -6,10 +6,11 @@ def get_jenv():
 import frappe
 if not getattr(frappe.local, 'jenv', None):
- from jinja2 import Environment, DebugUndefined
+ from jinja2 import DebugUndefined
+ from jinja2.sandbox import SandboxedEnvironment
 # frappe will be loaded last, so app templates will get precedence
- jenv = Environment(loader = get_jloader(),
+ jenv = SandboxedEnvironment(loader = get_jloader(),
 undefined=DebugUndefined)
 set_filters(jenv)
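Review bot: The switch to `SandboxedEnvironment` in `get_jenv` only restricts what a template can reach through attribute access and calls. Whatever `set_filters(jenv)` registers, and any globals or context objects handed to templates, stay callable with their public methods, so the protection is only as narrow as that exposed set. I would record this next to the constructor, e.g. `# sandbox blocks unsafe attribute access only; every filter/global exposed to templates must itself be safe for untrusted template authors`. Unsafe access now raises `jinja2.exceptions.SecurityError` at render time, so callers that render user-supplied templates presumably need to handle it, and a regression test asserting the error is raised would pin the behaviour. `get_jenv` continues past the end of the hunk, so any globals setup is not visible here.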