
django-locals-in-render-function (DJ003)

Derived from the flake8-django linter.

What it does

Checks for the use of locals() in render functions.

Why is this bad?

Using locals() can expose internal variables or other unintentional data to the rendered template.

Example

from django.shortcuts import render

from .models import Post  # assumed location of the Post model


def index(request):
    posts = Post.objects.all()
    return render(request, "app/index.html", locals())

Use instead:

from django.shortcuts import render

from .models import Post  # assumed location of the Post model


def index(request):
    posts = Post.objects.all()
    context = {"posts": posts}
    return render(request, "app/index.html", context)
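The kind of check described under "What it does" can be approximated with Python's ast module. This is an added example, not the linter's own code: the helper names and the sample source are constructed here, and matching render by name alone is a simplifying assumption that can flag unrelated render() functions.

```python
import ast

# Constructed sample source to scan (not from the original page).
SAMPLE = '''
from django.shortcuts import render
from django import shortcuts

def bad_positional(request):
    secret = "token"
    return render(request, "app/index.html", locals())

def bad_keyword(request):
    return shortcuts.render(request, "app/index.html", context=locals())

def good(request):
    posts = []
    return render(request, "app/index.html", {"posts": posts})
'''


def _is_locals_call(node):
    """True if node is a call to the builtin locals()."""
    return (
        isinstance(node, ast.Call)
        and isinstance(node.func, ast.Name)
        and node.func.id == "locals"
    )


def _is_render(func):
    """Match `render(...)` and `<anything>.render(...)` by name only."""
    if isinstance(func, ast.Name):
        return func.id == "render"
    return isinstance(func, ast.Attribute) and func.attr == "render"


def find_locals_in_render(source):
    """Return sorted line numbers of render() calls whose context is locals()."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _is_render(node.func)):
            continue
        # Context is the third positional argument or the `context` keyword.
        positional = node.args[2:3]
        keyword = [kw.value for kw in node.keywords if kw.arg == "context"]
        if any(_is_locals_call(arg) for arg in positional + keyword):
            hits.append(node.lineno)
    return sorted(hits)
```

Calling find_locals_in_render(SAMPLE) reports the two views that pass locals(), including the `secret` variable in the first one, and leaves the explicit-context view alone.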