Opened 7 years ago
Closed 7 years ago
#27783 closed Bug (fixed)
VariableDoesNotExist can lead to stack overflows unusually easily
| Reported by: | Ryan O’Hara | Owned by: | Ryan O’Hara |
|---|---|---|---|
| Component: | Template system | Version: | 1.10 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
If a form is overridden to render a template (django-floppyforms does this):
class ExampleForm(forms.Form):
def as_table(self):
return render(None, 'example.html', {'form': self})
and the template refers to a nonexistent attribute on the form:
{{ form.boom }}
printing the VariableDoesNotExist will cause it to attempt to stringify the form for context again.
Tentative patch changes it to always repr(), which seems appropriate and has the advantage of showing dict context like this:
Failed lookup for key [author] in {'section': '"News"'}
instead of like this:
Failed lookup for key [author] in '{\'section\': \'"News"\'}'
Change History (5)
comment:1 by , 7 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 7 years ago
| Has patch: | set |
|---|
comment:3 by , 7 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
comment:4 by , 7 years ago
Also the cause of an exception death spiral in DRF, c.f.: https://github.com/tomchristie/django-rest-framework/issues/3736
Would love to see this patch integrated into Django!
Note:
See TracTickets
for help on using tickets.
https://github.com/django/django/pull/7957