#1204 closed defect (fixed)
markup filters shouldn't fail silently
| Reported by: | nirvdrum | Owned by: | Adrian Holovaty |
|---|---|---|---|
| Component: | Tools | Version: | |
| Severity: | normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
In the source code for the markup app, the comments say that if the appropriate libraries are not installed, the filter will fail silently and return the un-marked-up text. This seems to me to be a bad design decision. If the proper libraries are not installed, the developer should be notified right away. Not marking up the text is not what the developer intended and does not seem to be a case of degrading gracefully.
Additionally, I was unable to find this limitation noted anywhere on the Web site. It wasn't until I dug into the source and read that comment that I discovered why my app wasn't working properly.
Change History (6)
comment:1 by , 19 years ago
comment:2 by , 19 years ago
And hopefully some more clarification on the reasoning for this will be found here.
comment:3 by , 19 years ago
There is a potential security problem here. If the filter that fails is one that removes dangerous HTML and that dangerous HTML is spat straight back out again you might end up with an XSS hole. We should at least have filters fail noisily if DEBUG is on. Maybe we should always eat the text rather than spit it out again in production. Errors of this kind in production should be logged as well.
comment:4 by , 19 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
FWIW, the documentation on writing template filters indicates this:
"Filter functions should always return something. They shouldn't raise exceptions. They should fail silently. In case of error, they should return either the original input or an empty string -- whichever makes more sense."