[BUG]: Enabling IAST plugin breaks HTML rendering #14217

@miketheman

Description

Tracer Version(s)

3.11.1

Python Version(s)

Python 3.13.5

Pip Version(s)

pip 25.0.1

Bug Report

After setting DD_IAST_ENABLED=true, HTML rendering breaks in certain circumstances.

For example, this Jinja2 embedded snippet gets dumped as raw, vs HTML:

https://github.com/pypi/warehouse/blob/12a869674d23ecbbd47f26c77b761954195cd40a/warehouse/templates/index.html#L47-L49

```html
<p class="homepage-banner__browse">
Or &lt;a href="/search/"&gt;browse projects&lt;/a&gt;      </p>
```

vs what it ought to be:

```html
<p class="homepage-banner__browse">
Or <a href="/search/">browse projects</a>      </p>
```

Reproduction Code

Check out https://github.com/pypi/warehouse @ e965837e6

Create docker-compose.override.yaml with these contents (note that `environment:` must be nested under the `web` service):

```yaml
services:
  web:
    command: ddtrace-run gunicorn --reload --reload-extra-file=warehouse/api/openapi.yaml -b 0.0.0.0:8000 --access-logfile - --error-logfile - warehouse.wsgi:application
    environment:
      DD_IAST_ENABLED: true
```

Run make serve

Open http://localhost and see the problem.
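A small regression check for the symptom above, added here as an example (it is not part of the issue, the warehouse project or ddtrace): it fetches the page from the reproduction and reports whether the banner fragment arrived as markup, as escaped text, or not at all. The URL default and the expected fragment are taken from the issue; the two sample bodies are constructed from the snippets in it.

```python
"""Check a rendered page for markup that should be HTML but arrived escaped."""
import html
import re
import sys
import urllib.request

# The fragment the template is expected to emit, from the issue.
BANNER = 'Or <a href="/search/">browse projects</a>'

# Constructed sample bodies, copied from the two snippets in the issue.
BROKEN = (
    '<p class="homepage-banner__browse">\n'
    'Or &lt;a href="/search/"&gt;browse projects&lt;/a&gt;      </p>'
)
EXPECTED = (
    '<p class="homepage-banner__browse">\n'
    'Or <a href="/search/">browse projects</a>      </p>'
)

# An HTML tag that reached the browser as text: "&lt;" + tag name ... "&gt;".
ESCAPED_TAG = re.compile(r"&lt;(/?[A-Za-z][A-Za-z0-9-]*)\b.*?&gt;", re.DOTALL)


def escaped_tags(body: str) -> list[str]:
    """Tag names that appear escaped in the body (a broad, noisy signal:
    pages that legitimately display HTML source will also match)."""
    return ESCAPED_TAG.findall(body)


def check_fragment(body: str, fragment: str) -> str:
    """Precise check against one expected fragment: 'ok' if it is present as
    markup, 'escaped' if only its &lt;/&gt;-escaped form is present (the exact
    output shown in the issue, where quotes stay intact), else 'missing'."""
    if fragment in body:
        return "ok"
    if html.escape(fragment, quote=False) in body:
        return "escaped"
    return "missing"


def main(url: str = "http://localhost/") -> int:
    """Live check against the running reproduction; non-zero exit on failure."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        body = resp.read().decode("utf-8", errors="replace")
    status = check_fragment(body, BANNER)
    print(f"{status}; escaped tags seen: {escaped_tags(body)}")
    return 0 if status == "ok" else 1


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:]))
```

Run it with and without `DD_IAST_ENABLED` in the override file to confirm the rendering difference is tied to the IAST setting rather than to the template itself.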

Error Logs

No response

Libraries in Use

alembic==1.16.4
alembic-postgresql-enum==1.8.0
amqp==5.3.1
annotated-types==0.7.0
argon2-cffi==25.1.0
argon2-cffi-bindings==21.2.0
asn1crypto==1.5.1
asttokens==3.0.0
asyncudp==0.11.0
attrs==25.3.0
Automat==25.4.16
b2sdk==2.9.4
babel==2.17.0
bcrypt==4.3.0
beautifulsoup4==4.13.4
betterproto==2.0.0b6
billiard==4.2.1
black==25.1.0
boto3==1.37.11
boto3-stubs==1.37.11
botocore==1.37.11
botocore-stubs==1.37.11
build==1.2.2.post1
bytecode==0.16.2
cachetools==5.5.2
cattrs==25.1.1
cbor2==5.6.5
celery==5.5.3
celery-redbeat==2.3.3
celery-types==0.23.0
certifi==2025.7.14
cffi==1.17.1
charset-normalizer==3.4.2
click==8.2.1
click-didyoumean==0.3.1
click-plugins==1.1.1.2
click-repl==0.3.0
cmarkgfm==2024.11.20
colorama==0.4.6
coverage==7.6.12
cryptography==44.0.3
cssbeautifier==1.15.4
cssselect==1.3.0
cssutils==2.11.1
datadog==0.52.0
ddtrace==3.11.1
decorator==5.2.1
Deprecated==1.2.18
disposable-email-domains==0.0.129
djlint==1.36.4
dnspython==2.7.0
docutils==0.21.2
EditorConfig==0.17.1
email_validator==2.2.0
envier==0.6.1
Events==0.5
execnet==2.1.1
executing==2.2.0
factory_boy==3.3.3
Faker==37.4.2
filelock==3.18.0
flake8==7.3.0
flake8-plugin-utils==1.3.3
flake8-pytest-style==2.1.0
forcediphttpsadapter==1.1.0
freezegun==1.5.3
github_reserved_names==2024.11.1
google-api-core==2.25.1
google-auth==2.40.3
google-cloud-bigquery==3.35.1
google-cloud-core==2.4.3
google-cloud-storage==3.2.0
google-crc32c==1.7.1
google-resumable-media==2.7.2
googleapis-common-protos==1.70.0
greenlet==3.2.3
grpcio==1.74.0
grpcio-status==1.74.0
grpclib==0.4.8
gunicorn==23.0.0
h2==4.2.0
hiredis==3.2.1
hpack==4.1.0
html5lib==1.1
humanize==4.12.3
hupper==1.12.1
hyperframe==6.1.0
icdiff==2.0.7
id==1.5.0
idna==3.10
importlib_metadata==8.7.0
iniconfig==2.1.0
ipython==9.4.0
ipython_pygments_lexers==1.1.1
isodate==0.7.2
isort==6.0.1
itsdangerous==2.2.0
jedi==0.19.2
Jinja2==3.1.6
jmespath==1.0.1
jsbeautifier==1.15.4
json5==0.12.0
jsonschema==4.25.0
jsonschema-path==0.3.4
jsonschema-specifications==2025.4.1
kombu==5.5.4
lazy-object-proxy==1.11.0
legacy-cgi==2.6.3
limits==5.4.0
linehaul==1.0.2
logfury==1.0.1
lxml==5.3.2
Mako==1.3.10
markdown-it-py==3.0.0
MarkupSafe==3.0.2
matplotlib-inline==0.1.7
mccabe==0.7.0
mdurl==0.1.2
mirakuru==2.6.1
more-itertools==10.7.0
msgpack==1.1.1
msgpack-types==0.5.0
multidict==6.6.3
mypy==1.16.1
mypy-zope==1.0.13
mypy_extensions==1.1.0
natsort==8.4.0
nh3==0.3.0
openapi-core==0.19.5
openapi-schema-validator==0.6.3
openapi-spec-validator==0.7.2
opensearch-py==3.0.0
opentelemetry-api==1.36.0
orjson==3.11.1
packaging==25.0
packaging-legacy==23.0.post0
paginate==0.5.7
paginate-sqlalchemy==0.3.1
parse==1.20.2
parso==0.8.4
passlib==1.7.4
PasteDeploy==3.1.0
pathable==0.4.4
pathspec==0.12.1
pep8-naming==0.15.1
pexpect==4.9.0
pip-api==0.0.34
pip-tools==7.4.1
plaster==1.1.2
plaster-pastedeploy==1.0.1
platformdirs==4.3.8
pluggy==1.6.0
polib==1.2.0
port-for==0.7.4
pprintpp==0.4.0
premailer==3.10.0
pretend==1.0.9
prompt_toolkit==3.0.51
proto-plus==1.26.1
protobuf==6.31.1
psutil==7.0.0
psycopg==3.2.9
psycopg-binary==3.2.9
ptyprocess==0.7.0
pure_eval==0.2.3
pyasn1==0.6.1
pyasn1_modules==0.4.2
pycodestyle==2.14.0
pycparser==2.22
pydantic==2.11.7
pydantic_core==2.33.2
pyflakes==3.4.0
Pygments==2.19.2
PyJWT==2.10.1
pymacaroons==0.13.0
PyNaCl==1.5.0
pyOpenSSL==25.1.0
pyparsing==3.2.3
pypi-attestations==0.0.27
pyproject_hooks==1.2.0
pyqrcode-binary==1.2.1
pyramid==2.0.2
pyramid-mailer==0.15.1
pyramid-mako==1.1.0
pyramid-redirect==0.4
pyramid-retry==2.1.1
pyramid-rpc==0.8
pyramid-services==2.2
pyramid_debugtoolbar==4.12.1
pyramid_jinja2==2.10.1
pyramid_openapi3==0.21.0
pyramid_tm==2.6
pytest==8.4.1
pytest-icdiff==0.9
pytest-mock==3.14.1
pytest-postgresql==7.0.2
pytest-randomly==3.16.0
pytest-socket==0.7.0
pytest-sugar==1.0.0
pytest-xdist==3.8.0
python-dateutil==2.9.0.post0
python-slugify==8.0.4
pytz==2025.2
pyupgrade==3.20.0
PyYAML==6.0.2
readme_renderer==44.0
redis==5.2.1
referencing==0.36.2
regex==2024.11.6
repoze.sendmail==4.4.1
requests==2.32.4
requests-aws4auth==1.3.1
requests-file==2.1.0
responses==0.25.7
rfc3161-client==1.0.3
rfc3339-validator==0.1.4
rfc3986==2.0.0
rfc8785==0.1.4
rich==14.1.0
rpds-py==0.26.0
rsa==4.9.1
s3transfer==0.11.5
securesystemslib==1.3.0
sentry-sdk==2.34.0
setuptools==80.9.0
sigstore==3.6.4
sigstore-protobuf-specs==0.3.2
sigstore-rekor-types==0.0.18
six==1.17.0
soupsieve==2.7
sphinx-lint==1.0.0
SQLAlchemy==2.0.42
stack-data==0.6.3
stdlib-list==0.11.1
stripe==11.6.0
structlog==25.4.0
tenacity==9.1.2
termcolor==3.1.0
text-unidecode==1.3
tldextract==5.3.0
tokenize_rt==6.2.0
tqdm==4.67.1
traitlets==5.14.3
transaction==5.0
translationstring==1.4
trove-classifiers==2025.5.9.12
tuf==6.0.0
types-awscrt==0.27.4
types-babel==2.11.0.15
types-certifi==2021.10.8.3
types-cffi==1.17.0.20250523
types-first==2.0.5.20240806
types-html5lib==1.1.11.20250708
types-itsdangerous==1.1.6
types-passlib==1.7.7.20250602
types-pyOpenSSL==24.1.0.20240722
types-python-slugify==8.0.2.20240310
types-pytz==2025.2.0.20250516
types-redis==4.6.0.20241004
types-requests==2.32.4.20250611
types-s3transfer==0.13.0
types-setuptools==80.9.0.20250529
types-stripe==3.5.2.20240106
types-WebOb==1.8.0.20250703
types-WTForms==3.2.1.20250602
types-zxcvbn==4.5.0.20250223
typing-inspection==0.4.1
typing_extensions==4.14.1
tzdata==2025.2
ua-parser==1.0.1
ua-parser-builtins==0.18.0.post1
urllib3==2.5.0
venusian==3.1.1
vine==5.1.0
waitress==3.0.2
watchdog==6.0.0
wcwidth==0.2.13
webauthn==2.6.0
webencodings==0.5.1
WebOb==1.8.9
WebTest==3.0.6
Werkzeug==3.1.1
wheel==0.45.1
whitenoise==6.9.0
wired==0.4
wrapt==1.17.2
WTForms==3.2.1
xmltodict==0.14.2
zipp==3.23.0
zope.deprecation==5.1
zope.event==5.1.1
zope.interface==7.2
zope.schema==7.0.1
zope.sqlalchemy==3.1
zxcvbn==4.5.0

Operating System

Linux f85b9e8b4ad5 6.14.10-orbstack-00291-g1b252bd3edea #1 SMP Sat Jun 7 02:45:18 UTC 2025 aarch64 GNU/Linux

Labels: ASM (Application Security Monitoring), bug