Re: [Django] #21048: Error page should not invoke callables passed through WSGI META structure

Wed, 24 Apr 2019 12:40:04 -0700 

#21048: Error page should not invoke callables passed through WSGI META 
structure
---------------------------------+------------------------------------
     Reporter:  ericbuehl        |                    Owner:  nobody
         Type:  Bug              |                   Status:  closed
    Component:  Error reporting  |                  Version:  master
     Severity:  Normal           |               Resolution:  wontfix
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  1                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  1
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+------------------------------------
Changes (by Carlton Gibson):

 * status:  new => closed
 * resolution:   => wontfix


Comment:

 Yep, OK. Thanks Arnaud.

 This is more effort than the fix for #21345, since the `META` values are
 not processed in the error reporter but
 
[https://github.com/django/django/blob/0a01ca80d7f7f1922d0c515669d0e7afd3acff5a/django/views/templates/technical_500.html#L445
 in the template]. As such we'd need a custom filter (probably replacing
 the `items|dictsort:0` call) adding a `do_not_call_in_templates` to any
 callables before entering the loop.

 Given that new filters are not often/ever(?) added, and that this has been
 sat here for four years untouched, and that anyone really needing it is
 free to adjust the debug template in their own project, I agree with the
 assessment. (To phrase the other way: even **if** a PR turned up with such
 a filter, there'd be a question as to whether it was acceptable...)

-- 
Ticket URL: <https://code.djangoproject.com/ticket/21048#comment:9>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.ae7384ce5464725abf686592997162f2%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to