Closed
Description
In GitLab by @bcdickinson on Nov 30, 2019, 12:52
Steps to reproduce (using the test app and `./runserver.sh`):
- Create a file `tests/templates/secure/fail.html` with the following content: `{% if False %}Don't show me{% endif %}`
- Run the test app with `./runserver.sh`
- Go to http://localhost:8000/pattern-library/pattern/secure/fail.html
- Recoil in horror as your non-pattern template's logic is exposed to anyone.
This is a problem because this template is not part of the pattern library and shouldn't be exposed just because the pattern library app is enabled.
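
One way to enforce that boundary, shown as an added example that is not part of the original issue or the project's own code: the view checks the requested template name against an allowlist of pattern directories before passing it to the template loader. The function name, the exception and the directory prefixes are hypothetical.

```python
import posixpath

# Hypothetical allowlist of directories that hold pattern templates.
# These values are assumptions, not the project's real settings.
PATTERN_TEMPLATE_PREFIXES = ("patterns/components", "patterns/pages")


class NotAPattern(Exception):
    """Raised when a requested template is outside the pattern library."""


def resolve_pattern_template(requested, prefixes=PATTERN_TEMPLATE_PREFIXES):
    """Return the normalised template name if it lies inside an allowed
    pattern directory; otherwise raise NotAPattern.

    A view would call this before loading the template and turn
    NotAPattern into a 404 response.
    """
    # Reject empty names, NUL bytes and Windows-style separators outright.
    if not requested or "\x00" in requested or "\\" in requested:
        raise NotAPattern(requested)

    # Collapse "a/./b" and "a/x/../b" so the prefix test sees the real path.
    name = posixpath.normpath(requested)

    # Absolute paths and paths that climb out of the template root.
    if name.startswith(("/", "..")):
        raise NotAPattern(requested)

    for prefix in prefixes:
        # Compare whole path segments, so "patterns/components_evil/x.html"
        # does not match the prefix "patterns/components".
        if name.startswith(prefix.rstrip("/") + "/"):
            return name

    raise NotAPattern(requested)
```

With this check in place, the request for `secure/fail.html` from the steps above is refused instead of rendered.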