Sensitive errors returned to client from templates
For security it is desirable not to return any errors containing stack traces etc. to the client, as these can be used by attackers for information gathering.
We are running an Umbraco site and have proper error handling configured so all thrown errors are caught and logged, with the user only shown an error page with no sensitive information.
However, it seems that if an exception occurs during template rendering, the exception is written out as if it were the template. See line 64 here: https://github.com/umbraco/Umbraco-CMS/blob/dd6e764588d22ef2b7bce01fd504ece89834f181/src/Umbraco.Web/UmbracoComponentRenderer.cs
From the code it is not apparent if there is any way to disable this.
Macros seem to have this functionality with the MacroErrors section of umbracoSettings but there does not seem to be anything to disable this for templates. Ideally I would like to have the same ability to choose whether they are rendered, silently ignored, or thrown to reach our global error handler.
If this already exists, please advise how to configure as we have a fail on a penetration test due to this.
By the way - your forum does not allow me to submit if the title is too long. There is no validation, it just crashes.
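The three-way choice the post asks for (render the error, silently ignore it, or let it propagate to the global handler), as an added example that is not part of the original post and is not Umbraco's code. `TemplateErrorBehavior`, `SafeTemplateRenderer` and the `renderTemplate` delegate are hypothetical names standing in for the real rendering call.

```csharp
using System;
using System.Net;

// Hypothetical names throughout: this is not Umbraco's API.
public enum TemplateErrorBehavior { Inline, Silent, Throw }

public static class SafeTemplateRenderer
{
    // renderTemplate stands in for whatever call produces the template's HTML.
    public static string Render(Func<string> renderTemplate,
                                TemplateErrorBehavior behavior,
                                Action<Exception> log)
    {
        try
        {
            return renderTemplate();
        }
        // In Throw mode the filter does not match, so the exception
        // propagates untouched and reaches the global error handler.
        catch (Exception ex) when (behavior != TemplateErrorBehavior.Throw)
        {
            log(ex); // full details stay in the server-side log
            if (behavior == TemplateErrorBehavior.Silent)
                return string.Empty; // nothing about the failure reaches the client
            // Inline: exception text ends up in the response body,
            // which is the behaviour the post reports.
            return WebUtility.HtmlEncode(ex.ToString());
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed failure standing in for a template that throws while rendering.
        Func<string> broken = () => { throw new InvalidOperationException("constructed failure"); };
        Action<Exception> log = ex => Console.Error.WriteLine("LOGGED: " + ex.Message);

        string inline = SafeTemplateRenderer.Render(broken, TemplateErrorBehavior.Inline, log);
        Console.WriteLine("Inline leaks exception type: " + inline.Contains("InvalidOperationException"));

        string silent = SafeTemplateRenderer.Render(broken, TemplateErrorBehavior.Silent, log);
        Console.WriteLine("Silent output length: " + silent.Length);

        try { SafeTemplateRenderer.Render(broken, TemplateErrorBehavior.Throw, log); }
        catch (InvalidOperationException) { Console.WriteLine("Throw: global handler would take over here"); }
    }
}
```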