[Django] #27783: VariableDoesNotExist can lead to stack overflows unusually easily
Django
-------------------------------------------+------------------------
Reporter: Ryan O’Hara | Owner: nobody
Type: Bug | Status: new
Component: Template system | Version: 1.10
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------------+------------------------
If a form is overridden to render a template
([https://github.com/gregmuellegger/django-floppyforms django-floppyforms]
does this):
{{{
class ExampleForm(forms.Form):
def as_table(self):
return render(None, 'example.html', {'form': self})
}}}
and the template refers to a nonexistent attribute on the form:
{{{
{{ form.boom }}
}}}
printing the `VariableDoesNotExist` will cause it to attempt to stringify
the form for context again.
Tentative patch changes it to always `repr()`, which seems appropriate and
has the advantage of showing dict context like this:
{{{
Failed lookup for key [author] in {'section': '"News"'}
}}}
instead of like this:
{{{
Failed lookup for key [author] in '{\'section\': \'"News"\'}'
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/27783>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: Ryan O’Hara | Owner: Ryan O’Hara
Type: Bug | Status: assigned
Component: Template system | Version: 1.10
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Ryan O’Hara):
* owner: nobody => Ryan O’Hara
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/27783#comment:1>
Django
Reporter: Ryan O’Hara | Owner: Ryan O’Hara
Type: Bug | Status: assigned
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Ryan O’Hara):
* has_patch: 0 => 1
Comment:
https://github.com/django/django/pull/7957
--
Ticket URL: <https://code.djangoproject.com/ticket/27783#comment:2>
Django
Reporter: Ryan O’Hara | Owner: Ryan O’Hara
Type: Bug | Status: assigned
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Claude Paroz):
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/27783#comment:3>
Django
Reporter: Ryan O’Hara | Owner: Ryan O’Hara
Type: Bug | Status: assigned
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Thomas Hauk):
Also the cause of an exception death spiral in DRF, c.f.:
https://github.com/tomchristie/django-rest-framework/issues/3736
Would love to see this patch integrated into Django!
--
Ticket URL: <https://code.djangoproject.com/ticket/27783#comment:4>
Django
Reporter: Ryan O’Hara | Owner: Ryan O’Hara
Component: Template system | Version: 1.10
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Tim Graham <timograham@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"7c4289d0b974c9b33bdc569308d8c99d7cac45d4" 7c4289d]:
{{{
#!CommitTicketReference repository=""
revision="7c4289d0b974c9b33bdc569308d8c99d7cac45d4"
Fixed #27783 -- Switched VariableDoesNotExist.__str__() to repr() context.
Using __str__() and then repr'ing the result looks strange and can lead
to recursive rendering of forms.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/27783#comment:5>