Panic in template rendering causes dumping of panic in to response #6790

New Issue

Closed

opened 2025-11-02 07:06:38 -06:00 by GiteaMirror · 4 comments

GiteaMirror commented 2025-11-02 07:06:38 -06:00

Owner

Copy Link

Originally created by @CirnoT on GitHub (Jan 30, 2021).

• Gitea version (or commit ref): 1.14.0+dev-642-g0e0424c8e
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No
• Log gist:

2021/01/30 11:16:48 ...els/issue_comment.go:382:LoadLabel() [W] Commit 922 cannot load label 0
2021/01/30 11:16:48 ...els/issue_comment.go:382:LoadLabel() [W] Commit 958 cannot load label 0
2021/01/30 11:16:48 ...els/issue_comment.go:382:LoadLabel() [W] Commit 961 cannot load label 0
2021/01/30 11:16:48 ...s/context/context.go:191:HTML() [E] Render failed: template: repo/issue/view_content/comments:188:51: executing "repo/issue/view_content/comments" at <RenderLabels .AddedLabels>: error calling RenderLabels: runtime error: invalid memory address or nil pointer dereference
2021/01/30 11:16:48 ...c/net/http/server.go:3095:logf() [I] http: superfluous response.WriteHeader call from code.gitea.io/gitea/modules/context.(*Response).WriteHeader (response.go:64)

Description

Template render errors cause HTML content of Internal Server Error page being displayed as text/plain along with full panic message.

Originally created by @CirnoT on GitHub (Jan 30, 2021). - Gitea version (or commit ref): 1.14.0+dev-642-g0e0424c8e - Database (use `[x]`): - [x] PostgreSQL - [ ] MySQL - [ ] MSSQL - [ ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [x] No - Log gist: ``` 2021/01/30 11:16:48 ...els/issue_comment.go:382:LoadLabel() [W] Commit 922 cannot load label 0 2021/01/30 11:16:48 ...els/issue_comment.go:382:LoadLabel() [W] Commit 958 cannot load label 0 2021/01/30 11:16:48 ...els/issue_comment.go:382:LoadLabel() [W] Commit 961 cannot load label 0 2021/01/30 11:16:48 ...s/context/context.go:191:HTML() [E] Render failed: template: repo/issue/view_content/comments:188:51: executing "repo/issue/view_content/comments" at <RenderLabels .AddedLabels>: error calling RenderLabels: runtime error: invalid memory address or nil pointer dereference 2021/01/30 11:16:48 ...c/net/http/server.go:3095:logf() [I] http: superfluous response.WriteHeader call from code.gitea.io/gitea/modules/context.(*Response).WriteHeader (response.go:64) ``` ## Description Template render errors cause HTML content of `Internal Server Error` page being displayed as `text/plain` along with full panic message.

GiteaMirror added the type/bugreviewed/wontfix labels 2025-11-02 07:06:38 -06:00

GiteaMirror closed this issue 2025-11-02 07:06:38 -06:00

GiteaMirror commented 2025-11-02 07:06:39 -06:00

Author

Owner

Copy Link

@CirnoT commented on GitHub (Jan 30, 2021):

Related to #14466

@CirnoT commented on GitHub (Jan 30, 2021): Related to #14466

GiteaMirror commented 2025-11-02 07:06:39 -06:00

Author

Owner

Copy Link

@zeripath commented on GitHub (Feb 9, 2021):

This will be due to the panic writing a header and the original template renderer writing a header.

Unfortunately I don't think there is likely to be a solution here. You have to write the header before you start writing the template but if there is a panic in the template then the panic handler will attempt to write the header again.

So I think we're just gonna have to accept this one as a wontfix

@zeripath commented on GitHub (Feb 9, 2021): This will be due to the panic writing a header and the original template renderer writing a header. Unfortunately I don't think there is likely to be a solution here. You have to write the header before you start writing the template but if there is a panic in the template then the panic handler will attempt to write the header again. So I think we're just gonna have to accept this one as a wontfix

GiteaMirror commented 2025-11-02 07:06:39 -06:00

Author

Owner

Copy Link

@CirnoT commented on GitHub (Feb 10, 2021):

Are you sure that is correct? Do we really want that if panic occurs during template rendering, the error page's HTML content is dumped as text/plain (so not rendered as HTML)? That seems kind of a weird. Also I really don't think panic message should be exposed to user in production mode.

@CirnoT commented on GitHub (Feb 10, 2021): Are you sure that is correct? Do we really want that if panic occurs during template rendering, the error page's HTML content is dumped as `text/plain` (so not rendered as HTML)? That seems kind of a weird. Also I really don't think panic message should be exposed to user in production mode.

GiteaMirror commented 2025-11-02 07:06:39 -06:00

Author

Owner

Copy Link

@zeripath commented on GitHub (Feb 11, 2021):

@CirnoT your original message was about the writeheader log message - not about it being dumped as plain text. WriteHeader will always have to happen.

I'll reopen. It's really really helpful if the issue is clear from the start as to what the real problem is.

@zeripath commented on GitHub (Feb 11, 2021): @CirnoT your original message was about the writeheader log message - not about it being dumped as plain text. WriteHeader will always have to happen. I'll reopen. It's really really helpful if the issue is clear from the start as to what the real problem is.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label reviewed/wontfix type/bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#6790