Opened 7 hours ago
Last modified 4 hours ago
#35897 new Cleanup/optimization
Template system: escape() calls in get_exception_info() should be removed
| Reported by: | Klaas van Schelven | Owned by: | |
|---|---|---|---|
| Component: | Error reporting | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Keryn Knight | Triage Stage: | Unreviewed |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Here there are some calls to escape()
They shouldn't be there: escaping happens in templates for non-safe strings anyway, so there's no need.
And there _is_ a drawback: as an example, the Python Sentry SDK copies this info, but because it gets sent over the wire (as a JSON string) the information that this has already been escaped is lost, and on the receiving end it is escaped again.
This means that on the server-side the Error-tracking, in my case Bugsink will show doubly escaped html code snippets. This looks something like this:
<p class="relative text-slate-600 text-base md:text-xl mb-4 md:mb-5">
Removing the calls to escape simply solves this. Which makes sense: calling escape is simply not the responsibility of this piece of code, it should just stay marked as unsafe and be escape at the edges (on rendering).
Attachments (1)
Change History (3)
by , 7 hours ago
| Attachment: | 2024-11-08_1877x538.png added |
|---|
comment:1 by , 7 hours ago
| Has patch: | set |
|---|
comment:2 by , 4 hours ago
| Cc: | added |
|---|---|
| Component: | Uncategorized → Error reporting |
| Type: | Uncategorized → Cleanup/optimization |
Given #33461 added
force_escapetomessage, we might need to move that escaping into the template