Opened 4 years ago

Closed 4 years ago

#22294 closed Cleanup/optimization (fixed)

length filter changes type of output to string if passed safe string

Reported by: steve.pike@… Owned by: nobody
Component: Template system Version: master
Severity: Normal Keywords: filter safe
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no


if you do:

{% if some_string|length > 123 %}
{% endif %}

what happens is what you expect to happen - the length of the string is determined and compared to the integer given in the condition.

However if you do this:

{% if some_safe_string|length > 123 %}
{% endif %}

Then the result is non obvious, since passing a safe_string to length results in the output also being marked safe and thus changed into a safe *string*... on which you cannot do simple comparisons to integers in this way... (see: and )

This seems like a bug rather than a feature, but since the type of the result of the length filter is not stated in the docs ( ) this is really misleading.

Change History (2)

comment:1 Changed 4 years ago by Baptiste Mispelon

Triage Stage: UnreviewedAccepted
Type: UncategorizedCleanup/optimization
Version: 1.5master


I agree that this behavior is not obvious and could lead to hard-to-debug issues.

I don't really see a reason why length needs is_safe=True, since it should normally return either integers, or an empty string in case of an error.

In fact, making this change doesn't seem to break any existing test which is a good sign.

comment:2 Changed 4 years ago by Claude Paroz <claude@…>

Resolution: fixed
Status: newclosed

In bc315266c86f371ab04d05c43383775267e8595a:

Fixed #22294 -- Prevented converting length filter output to string

Thanks Steve Pike for the report.

Note: See TracTickets for help on using tickets.
Back to Top