fix: complain when filter is used on undefined in strict and semi-strict mode (#877)

wolfv · web-flow · commit 243bc2823654 · 2026-03-03T10:05:03.000+01:00
diff --git a/.github/workflows/build-wheels.yml b/.github/workflows/build-wheels.yml
@@ -29,7 +29,7 @@ jobs:
       - name: Build wheels
         uses: PyO3/maturin-action@v1
         with:
-          args: --release --target universal2-apple-darwin --out dist -m minijinja-py/Cargo.toml
+          args: --release --strip --target universal2-apple-darwin --out dist -m minijinja-py/Cargo.toml
       - name: Upload wheels
         uses: actions/upload-artifact@v4
         with:
@@ -56,7 +56,7 @@ jobs:
         uses: PyO3/maturin-action@v1
         with:
           target: ${{ matrix.target }}
-          args: --release --out dist -m minijinja-py/Cargo.toml --interpreter "3.9"
+          args: --release --strip --out dist -m minijinja-py/Cargo.toml --interpreter "3.9"
           manylinux: auto
       - name: Upload wheels
         uses: actions/upload-artifact@v4
@@ -84,7 +84,7 @@ jobs:
         uses: PyO3/maturin-action@v1
         with:
           target: ${{ matrix.target }}
-          args: --release --out dist -m minijinja-py/Cargo.toml --interpreter "3.9"
+          args: --release --strip --out dist -m minijinja-py/Cargo.toml --interpreter "3.9"
           manylinux: musllinux_1_2
       - name: Upload wheels
         uses: actions/upload-artifact@v4
@@ -110,7 +110,7 @@ jobs:
         uses: PyO3/maturin-action@v1
         with:
           target: ${{ matrix.target }}
-          args: --release --out dist -m minijinja-py/Cargo.toml
+          args: --release --strip --out dist -m minijinja-py/Cargo.toml
       - name: Upload wheels
         uses: actions/upload-artifact@v4
         with:
diff --git a/minijinja-py/pyproject.toml b/minijinja-py/pyproject.toml
@@ -34,7 +34,6 @@ Repository = "https://github.com/mitsuhiko/minijinja"
 [tool.maturin]
 module-name = "minijinja._lowlevel"
 python-source = "python"
-strip = true
 
 [tool.pyright]
 include = ["python/**/*.pyi"]
diff --git a/minijinja/src/filters.rs b/minijinja/src/filters.rs
@@ -554,9 +554,12 @@ mod builtins {
     /// {{ "42"|int == 42 }} -> true
     /// ```
     #[cfg_attr(docsrs, doc(cfg(feature = "builtins")))]
-    pub fn int(value: &Value) -> Result<Value, Error> {
+    pub fn int(state: &State, value: &Value) -> Result<Value, Error> {
         match &value.0 {
-            ValueRepr::Undefined(_) | ValueRepr::None => Ok(Value::from(0)),
+            ValueRepr::Undefined(_) | ValueRepr::None => {
+                ok!(state.undefined_behavior().assert_value_not_undefined(value));
+                Ok(Value::from(0))
+            }
             ValueRepr::Bool(x) => Ok(Value::from(*x as u64)),
             ValueRepr::U64(_) | ValueRepr::I64(_) | ValueRepr::U128(_) | ValueRepr::I128(_) => {
                 Ok(value.clone())
@@ -587,9 +590,12 @@ mod builtins {
     /// {{ "42.5"|float == 42.5 }} -> true
     /// ```
     #[cfg_attr(docsrs, doc(cfg(feature = "builtins")))]
-    pub fn float(value: &Value) -> Result<Value, Error> {
+    pub fn float(state: &State, value: &Value) -> Result<Value, Error> {
         match &value.0 {
-            ValueRepr::Undefined(_) | ValueRepr::None => Ok(Value::from(0.0)),
+            ValueRepr::Undefined(_) | ValueRepr::None => {
+                ok!(state.undefined_behavior().assert_value_not_undefined(value));
+                Ok(Value::from(0.0))
+            }
             ValueRepr::Bool(x) => Ok(Value::from(*x as u64 as f64)),
             ValueRepr::String(..) | ValueRepr::SmallStr(_) => value
                 .as_str()
@@ -843,12 +849,13 @@ mod builtins {
     ///
     /// If the string has been marked as safe, that value is preserved.
     #[cfg_attr(docsrs, doc(cfg(feature = "builtins")))]
-    pub fn string(value: &Value) -> Value {
-        if value.kind() == ValueKind::String {
+    pub fn string(state: &State, value: &Value) -> Result<Value, Error> {
+        ok!(state.undefined_behavior().assert_value_not_undefined(value));
+        Ok(if value.kind() == ValueKind::String {
             value.clone()
         } else {
             value.to_string().into()
-        }
+        })
     }
 
     /// Converts the value into a boolean value.
@@ -860,8 +867,8 @@ mod builtins {
     /// {{ 42|bool }} -> true
     /// ```
     #[cfg_attr(docsrs, doc(cfg(feature = "builtins")))]
-    pub fn bool(value: &Value) -> bool {
-        value.is_true()
+    pub fn bool(state: &State, value: &Value) -> Result<bool, Error> {
+        state.undefined_behavior().is_true(value)
     }
 
     /// Slice an iterable and return a list of lists containing
diff --git a/minijinja/src/utils.rs b/minijinja/src/utils.rs
@@ -134,13 +134,15 @@ pub enum UndefinedBehavior {
     /// * **printing:** fails
     /// * **iteration:** fails
     /// * **attribute access of undefined values:** fails
+    /// * **string coercion in filters/functions:** fails
     /// * **if true:** allowed (is considered false)
     SemiStrict,
     /// Complains very quickly about undefined values.
     ///
     /// * **printing:** fails
     /// * **iteration:** fails
     /// * **attribute access of undefined values:** fails
+    /// * **string coercion in filters/functions:** fails
     /// * **if true:** fails
     Strict,
 }
@@ -199,6 +201,24 @@ impl UndefinedBehavior {
             _ => Ok(()),
         }
     }
+
+    /// Checks that undefined cannot be coerced into a concrete type (e.g. string).
+    ///
+    /// This is called when an undefined value is passed to a filter or function
+    /// argument that expects a concrete type.  Filters that explicitly handle
+    /// undefined values (such as `default`) avoid this by using `&Value` as
+    /// their first argument instead of a concrete type like `String`.
+    #[inline]
+    pub(crate) fn assert_value_not_undefined(self, value: &Value) -> Result<(), Error> {
+        match (self, &value.0) {
+            // silent undefined never errors
+            (
+                UndefinedBehavior::Strict | UndefinedBehavior::SemiStrict,
+                &ValueRepr::Undefined(UndefinedType::Default),
+            ) => Err(Error::from(ErrorKind::UndefinedError)),
+            _ => Ok(()),
+        }
+    }
 }
 
 /// Helper to HTML escape a string.
diff --git a/minijinja/src/value/argtypes.rs b/minijinja/src/value/argtypes.rs
@@ -154,6 +154,14 @@ pub trait ArgType<'a> {
         ))
     }
 
+    #[doc(hidden)]
+    fn from_state_and_value_owned(
+        _state: Option<&'a State>,
+        value: Value,
+    ) -> Result<Self::Output, Error> {
+        Self::from_value_owned(value)
+    }
+
     #[doc(hidden)]
     fn from_state_and_value(
         _state: Option<&'a State>,
@@ -566,6 +574,16 @@ impl<'a> ArgType<'a> for Cow<'_, str> {
             None => Err(Error::from(ErrorKind::MissingArgument)),
         }
     }
+
+    fn from_state_and_value(
+        state: Option<&'a State>,
+        value: Option<&'a Value>,
+    ) -> Result<(Self::Output, usize), Error> {
+        if let (Some(state), Some(value)) = (state, value) {
+            ok!(state.undefined_behavior().assert_value_not_undefined(value));
+        }
+        Ok((ok!(Self::from_value(value)), 1))
+    }
 }
 
 impl<'a> ArgType<'a> for &Value {
@@ -675,15 +693,15 @@ impl<'a, T: ArgType<'a, Output = T>> ArgType<'a> for Rest<T> {
     }
 
     fn from_state_and_values(
-        _state: Option<&'a State>,
+        state: Option<&'a State>,
         values: &'a [Value],
         offset: usize,
     ) -> Result<(Self, usize), Error> {
         let args = values.get(offset..).unwrap_or_default();
         Ok((
             Rest(ok!(args
                 .iter()
-                .map(|v| T::from_value(Some(v)))
+                .map(|v| T::from_state_and_value(state, Some(v)).map(|x| x.0))
                 .collect::<Result<_, _>>())),
             args.len(),
         ))
@@ -979,6 +997,28 @@ impl<'a> ArgType<'a> for String {
         }
     }
 
+    fn from_state_and_value(
+        state: Option<&'a State>,
+        value: Option<&'a Value>,
+    ) -> Result<(Self::Output, usize), Error> {
+        if let (Some(state), Some(value)) = (state, value) {
+            ok!(state.undefined_behavior().assert_value_not_undefined(value));
+        }
+        Ok((ok!(Self::from_value(value)), 1))
+    }
+
+    fn from_state_and_value_owned(
+        state: Option<&'a State>,
+        value: Value,
+    ) -> Result<Self::Output, Error> {
+        if let Some(state) = state {
+            ok!(state
+                .undefined_behavior()
+                .assert_value_not_undefined(&value));
+        }
+        Self::from_value_owned(value)
+    }
+
     fn from_value_owned(value: Value) -> Result<Self, Error> {
         Ok(value.to_string())
     }
@@ -1005,6 +1045,27 @@ impl<'a, T: ArgType<'a, Output = T>> ArgType<'a> for Vec<T> {
         }
     }
 
+    fn from_state_and_value(
+        state: Option<&'a State>,
+        value: Option<&'a Value>,
+    ) -> Result<(Self::Output, usize), Error> {
+        match value {
+            None => Ok((Vec::new(), 1)),
+            Some(value) => {
+                let iter = ok!(value
+                    .as_object()
+                    .filter(|x| matches!(x.repr(), ObjectRepr::Seq | ObjectRepr::Iterable))
+                    .and_then(|x| x.try_iter())
+                    .ok_or_else(|| { Error::new(ErrorKind::InvalidOperation, "not iterable") }));
+                let mut rv = Vec::new();
+                for value in iter {
+                    rv.push(ok!(T::from_state_and_value_owned(state, value)));
+                }
+                Ok((rv, 1))
+            }
+        }
+    }
+
     fn from_value_owned(value: Value) -> Result<Self, Error> {
         let iter = ok!(value
             .as_object()
diff --git a/minijinja/tests/test_undefined.rs b/minijinja/tests/test_undefined.rs
@@ -43,6 +43,14 @@ fn test_lenient_undefined() {
 fn test_semi_strict_undefined() {
     let mut env = Environment::new();
     env.set_undefined_behavior(UndefinedBehavior::SemiStrict);
+    env.add_filter(
+        "test_rest_join",
+        |_state: &State, values: minijinja::value::Rest<String>| -> String { values.join("|") },
+    );
+    env.add_filter(
+        "test_vec_join",
+        |_state: &State, values: Vec<String>| -> String { values.join("|") },
+    );
 
     assert_eq!(
         env.render_str("{{ true.missing_attribute }}", ())
@@ -100,12 +108,65 @@ fn test_semi_strict_undefined() {
             .kind(),
         ErrorKind::UndefinedError
     );
+    assert_eq!(
+        env.render_str("{{ undefined|upper }}", ())
+            .unwrap_err()
+            .kind(),
+        ErrorKind::UndefinedError
+    );
+    assert_eq!(
+        env.render_str("{{ undefined|int }}", ())
+            .unwrap_err()
+            .kind(),
+        ErrorKind::UndefinedError
+    );
+    assert_eq!(
+        env.render_str("{{ undefined|float }}", ())
+            .unwrap_err()
+            .kind(),
+        ErrorKind::UndefinedError
+    );
+    assert_eq!(
+        env.render_str("{{ undefined|string }}", ())
+            .unwrap_err()
+            .kind(),
+        ErrorKind::UndefinedError
+    );
+    assert_eq!(
+        env.render_str("{{ undefined|test_rest_join }}", ())
+            .unwrap_err()
+            .kind(),
+        ErrorKind::UndefinedError
+    );
+    assert_eq!(
+        env.render_str("{{ [undefined]|test_vec_join }}", ())
+            .unwrap_err()
+            .kind(),
+        ErrorKind::UndefinedError
+    );
+    // bool follows is_true semantics: SemiStrict allows it (returns false), Strict errors
+    assert_eq!(render!(in env, "{{ undefined|bool }}"), "false");
+    // none|int should still work (undefined check only applies to undefined, not none)
+    assert_eq!(render!(in env, "{{ none|int }}"), "0");
+    assert_eq!(
+        env.render_str("{{ undefined|default('FALLBACK') }}", ())
+            .unwrap(),
+        "FALLBACK"
+    );
 }
 
 #[test]
 fn test_strict_undefined() {
     let mut env = Environment::new();
     env.set_undefined_behavior(UndefinedBehavior::Strict);
+    env.add_filter(
+        "test_rest_join",
+        |_state: &State, values: minijinja::value::Rest<String>| -> String { values.join("|") },
+    );
+    env.add_filter(
+        "test_vec_join",
+        |_state: &State, values: Vec<String>| -> String { values.join("|") },
+    );
 
     assert_eq!(
         env.render_str("{{ true.missing_attribute }}", ())
@@ -174,6 +235,55 @@ fn test_strict_undefined() {
             .kind(),
         ErrorKind::UndefinedError
     );
+    assert_eq!(
+        env.render_str("{{ undefined|upper }}", ())
+            .unwrap_err()
+            .kind(),
+        ErrorKind::UndefinedError
+    );
+    assert_eq!(
+        env.render_str("{{ undefined|int }}", ())
+            .unwrap_err()
+            .kind(),
+        ErrorKind::UndefinedError
+    );
+    assert_eq!(
+        env.render_str("{{ undefined|float }}", ())
+            .unwrap_err()
+            .kind(),
+        ErrorKind::UndefinedError
+    );
+    assert_eq!(
+        env.render_str("{{ undefined|bool }}", ())
+            .unwrap_err()
+            .kind(),
+        ErrorKind::UndefinedError
+    );
+    assert_eq!(
+        env.render_str("{{ undefined|string }}", ())
+            .unwrap_err()
+            .kind(),
+        ErrorKind::UndefinedError
+    );
+    assert_eq!(
+        env.render_str("{{ undefined|test_rest_join }}", ())
+            .unwrap_err()
+            .kind(),
+        ErrorKind::UndefinedError
+    );
+    assert_eq!(
+        env.render_str("{{ [undefined]|test_vec_join }}", ())
+            .unwrap_err()
+            .kind(),
+        ErrorKind::UndefinedError
+    );
+    // none|int should still work (only undefined is rejected)
+    assert_eq!(render!(in env, "{{ none|int }}"), "0");
+    assert_eq!(
+        env.render_str("{{ undefined|default('FALLBACK') }}", ())
+            .unwrap(),
+        "FALLBACK"
+    );
 }
 
 #[test]
