diff --git a/django/views/debug.py b/django/views/debug.py index 233f694b21..15109840b1 100644 --- a/django/views/debug.py +++ b/django/views/debug.py @@ -8,11 +8,11 @@ from django.conf import settings from django.http import HttpResponse, HttpResponseServerError, HttpResponseNotFound from django.template import (Template, Context, TemplateDoesNotExist, TemplateSyntaxError) +from django.template.defaultfilters import force_escape, pprint from django.utils.html import escape from django.utils.importlib import import_module from django.utils.encoding import smart_unicode, smart_str - HIDDEN_SETTINGS = re.compile('SECRET|PASSWORD|PROFANITIES_LIST|SIGNATURE') def linebreak_iter(template_source): @@ -109,6 +109,9 @@ class ExceptionReporter: self.get_template_exception_info() frames = self.get_traceback_frames() + for i, frame in enumerate(frames): + frame['vars'] = [(k, force_escape(pprint(v))) for k, v in frame['vars']] + frames[i] = frame unicode_hint = '' if issubclass(self.exc_type, UnicodeError): @@ -547,7 +550,7 @@ TECHNICAL_500_TEMPLATE = """ {% for var in frame.vars|dictsort:"0" %} {{ var.0|force_escape }} - 
{{ var.1|pprint|force_escape }}
+ 
{{ var.1 }}
{% endfor %} diff --git a/tests/regressiontests/views/views.py b/tests/regressiontests/views/views.py index e4e7c3d4e4..622e5f6442 100644 --- a/tests/regressiontests/views/views.py +++ b/tests/regressiontests/views/views.py @@ -36,6 +36,11 @@ def custom_create(request): form_class=SlugChangingArticleForm) def raises(request): + # Make sure that a callable that raises an exception in the stack frame's + # local vars won't hijack the technical 500 response. See: + # http://code.djangoproject.com/ticket/15025 + def callable(): + raise Exception try: raise Exception except Exception: