Sensitive signer.key exposed via Django messages framework in templates

[Sarah Boyce]

The following was reported by Fredrick Peters to the Django security team.

We’ve reviewed the issue and concluded that it can be publicly tracked as a hardening measure, as it assumes the attacker already has the ability to write Django templates. There is already a documented warning against untrusted template authors in the Django template documentation: ​https://docs.djangoproject.com/en/5.2/topics/templates/#module-django.template

The template system isn’t safe against untrusted template authors. For example, a site shouldn’t allow its users to provide their own templates, since template authors can do things like perform XSS attacks and access properties of template variables that may contain sensitive information.

The specific issue is that when django.contrib.messages is in INSTALLED_APPS and the default message storage is used (CookieStorage), a template author can access:

{{ messages.storages.0.signer.key }}

This exposes the signer key used internally to sign messages, which is ultimately derived from Django’s SECRET_KEY. This is possible because CookieStorage assigns the signer as a public attribute:

def __init__(self, *args, **kwargs):
    super().__init__(*args, **kwargs)
    self.signer = signing.get_cookie_signer(salt=self.key_salt)

It might still be beneficial to change self.signer to a private attribute (e.g., self._signer) or otherwise shield direct access to sensitive internals via the template context.

This isn’t a security vulnerability but qualifies as a useful hardening change to prevent accidental exposure by users who may not fully understand the risks of template authoring.