Changes between Version 1 and Version 2 of Ticket #35930, comment 4
- Timestamp:
- Dec 29, 2025, 3:48:02 PM (25 hours ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #35930, comment 4
v1 v2 1 1 Thanks, that was enough for me to reproduce the issue. I can see how this violates least surprise if these are substantially the same settings already masked elsewhere in the debug view. 2 2 3 The initial wontfix (comment:5:ticket:21098) in a related ticket for masking sensitive POST parameters argued masking wouldn't be worthwhile (leaks developer's own secrets to developer, DEBUG page is documented as always potentially leaking information), but ticket:21098 waseventually fixed once there was a simpler implementation.3 The initial wontfix (comment:5:ticket:21098) in a related ticket for masking sensitive POST parameters argued masking wouldn't be worthwhile if this only related to the debug page, but it was reopened after clarification that error reporting emails were affected, and eventually fixed once there was a simpler implementation. 4 4 5 5 Here is a potential tiny patch that I just confirmed fixes the issue, although it would be using `@sensitive_variables()` outside the context of a view, which I took to be the use case it was designed for: