#33245 closed Bug (fixed)
utils.html.urlize() isn't thread-safe
Reported by: | Tim McCurrach | Owned by: | Tim McCurrach |
---|---|---|---|
Component: | Utilities | Version: | dev |
Severity: | Release blocker | Keywords: | |
Cc: | Claude Paroz | Triage Stage: | Ready for checkin |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
Since e567670b utils.html.urlize
isn't thread safe!
To replicate bug:
- Write 2 views that both use the
urlizetrunc
tag a large number of times (between 104 and 105 was enough on my computer). - Use different url length limits (for truncation) for each view
- Load the 2 views simultaneously
The resulting pages will have inconsistent url limits, as the trim_url_limit
value from one view leaks over to the other.
The cause
Since urlize
was changed to become class-based trim_url_limit
, nofollow
, autoescape
, and trim_url_limit
are stored as instance attributes. Urlizer
is instantiated just once and then used within urlize
which allows for these values to be shared between function calls.
The solution
- The obvious solution would be to pass the values listed above directly to
handle_word
so that they are not stored on the instance. - My only question is: Does removing these values from the class instance nullify the ease of customisation the original ticket brought about? If this is the case, the better solution might just be to revert the change.
- An alternative approach would be to create a new instance of
Urlizer
on each call ofurlize
, but since this can be called many times in a single request, this would likely have a performance impact.
Change History (9)
comment:1 by , 3 years ago
Description: | modified (diff) |
---|
comment:2 by , 3 years ago
Summary: | utils.urlize isn't thread-safe → utils.html.urlize isn't thread-safe |
---|
comment:3 by , 3 years ago
Cc: | added |
---|---|
Severity: | Normal → Release blocker |
Summary: | utils.html.urlize isn't thread-safe → utils.html.urlize() isn't thread-safe |
Triage Stage: | Unreviewed → Accepted |
follow-up: 6 comment:5 by , 3 years ago
[HS] Mariusz, do you know why I'm not receiving any mail when you CC me? It's not a problem since I generally follow the timeline, but I still wonder.
comment:6 by , 3 years ago
Replying to Claude Paroz:
[HS] Mariusz, do you know why I'm not receiving any mail when you CC me? It's not a problem since I generally follow the timeline, but I still wonder.
FWIW, I'm not receiving notifications about this ticket either. Strange...
comment:7 by , 3 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
Thanks for the report!
Agreed, it's should be enough to pass values to the underlying methods.
I don't think so. As far as I'm aware all important parameters will still be customizable.