sensitive_variables handling fails for methods
|Reported by:||gabrielhurley||Owned by:||julien|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
When attempting to decorate a class method with the "sensitive_variables" decorator (both with and without the "method_decorator" decorator) the expectation is that the variables will be properly filtered out.
However, that is not the case due to this line: https://github.com/django/django/blob/master/django/views/debug.py#L159
Since methods do not live in the global namespace, they're not found, and thereby the sensitive_variable stripping is bypassed.
This is non-obvious behavior and should either be documented or fixed to behave as expected.
Change History (7)
comment:3 Changed 4 years ago by julien
- Owner changed from gabrielhurley to julien
- Severity changed from Normal to Release blocker
- Triage Stage changed from Unreviewed to Accepted