Context Navigation

← Previous Ticket
Next Ticket →

#17778 closed Bug (fixed)

RequestContext methods pollute template variables

Reported by:	KyleMac	Owned by:	Tim Graham <timograham@…>
Component:	Template system	Version:	1.4-beta-1
Severity:	Normal	Keywords:	sprint2013
Cc:		Triage Stage:	Accepted
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	no	UI/UX:	no

Description

Imagine the following simple view:

def index(request):
    return render_to_response('template.html', {
        'myvar': 'My Variable'
    }, context_instance=RequestContext(request))

And the following simple template:

{{ myvar }} is {% if not new %}not {% endif %}new.

The output will always be:

My Variable is new.

This is because django.template.base.Variable._resolve_lookup is finding the new() method on RequestContext which is then forced to a string resulting in "[{}]".

If you're asking why you want to access a variable that the view never sets then the reason is that this situation can occur when views are including or extending the same template.

Attachments (2)

17778-testcase.patch (1.0 KB ) - added by Aymeric Augustin 14 years ago.
#17778-RequestContext_pollutes_namespace.patch (2.2 KB ) - added by regebro 13 years ago.: One solution

Download all attachments as: .zip

Change History (9)

by Aymeric Augustin, 14 years ago

Attachment:	17778-testcase.patch added

comment:1 by Aymeric Augustin, 14 years ago

Triage Stage:	Unreviewed → Accepted

I just attached a test case that demonstrates the problem.

comment:2 by regebro, 13 years ago

Keywords:	sprint2013 added
Owner:	changed from nobody to regebro
Status:	new → assigned

by regebro, 13 years ago

Attachment:	#17778-RequestContext_pollutes_namespace.patch added

One solution

comment:3 by regebro, 13 years ago

Has patch:	set
Owner:	regebro removed
Status:	assigned → new
Triage Stage:	Accepted → Design decision needed

To solve this we have to explicitly disallow attributes on the context. Or at least disallow class attributes.

I attached a patch that does the last option. But I think a design decision is needed here.

comment:4 by Aymeric Augustin, 13 years ago

Triage Stage:	Design decision needed → Accepted

Under which circumstances would Django try to access attributes on the context?

comment:5 by Tim Graham, 12 years ago

Reported again in #20898

comment:6 by Tim Graham <timograham@…>, 12 years ago

Owner:	set to Tim Graham <timograham@…>
Resolution:	→ fixed
Status:	new → closed

In 71b5617c24bb997db294480f07611233069e3359:

Fixed #17778 -- Prevented class attributes on context from resolving as template variables.

Thanks KyleMac for the report, regebro for the patch, and Aymeric for the test.

comment:7 by Tim Graham <timograham@…>, 12 years ago

In ccff25b1431bd1bb9d633b1ca1d3aff79acc33d9:

[1.6.x] Fixed #17778 -- Prevented class attributes on context from resolving as template variables.

Thanks KyleMac for the report, regebro for the patch, and Aymeric for the test.

Backport of 71b5617c24 from master.

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues