fix(core): correct misleading jinja2 sandboxing comment

[Yi Liu (sumleo)]

Summary

• The inline comment at langchain_core/prompts/string.py:67-69 incorrectly states that SandboxedEnvironment "blocks ALL attribute/method access" and that "only simple variable lookups like {{variable}} are allowed."
• In reality, Jinja2's SandboxedEnvironment only blocks access to dunder attributes (__class__, __globals__, etc.) to prevent sandbox escapes. Regular attribute access like {{obj.content}} and method calls remain allowed.
• This misleading comment was left behind when a _RestrictedSandboxedEnvironment class was reverted in commit 395c8d0. Updated to accurately describe the actual behavior.

Why this matters

The comment could mislead developers into trusting partially-untrusted templates, believing attribute access is blocked when it is not. The function's docstring already correctly warns against untrusted templates.

Test plan

• No behavioral change — comment-only fix
• Verified SandboxedEnvironment behavior matches updated comment

This PR was authored with the help of AI tools.

[codspeed-hq]

Merging this PR will not alter performance

⚠️ Unknown Walltime execution environment detected

Using the Walltime instrument on standard Hosted Runners will lead to inconsistent data.

For the most accurate results, we recommend using CodSpeed Macro Runners: bare-metal machines fine-tuned for performance measurement consistency.

✅ 13 untouched benchmarks
⏩ 21 skipped benchmarks¹

---

_{Comparing sumleo:fix/jinja2-sandboxing-comment (0532fe0) with master (6ac12b3)²}

Footnotes

1. 21 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

2. No successful run was found on master (a50d86c) during the generation of this report, so 6ac12b3 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩