Message from discussion templates and html escaping
Gábor Farkas  
From: Gábor Farkas <ga...@nekomancer.net>
Date: Fri, 03 Mar 2006 16:30:16 +0100
Local: Fri, Mar 3 2006 10:30 am
Subject: Re: templates and html escaping

Gábor Farkas wrote:
> Jacob Kaplan-Moss wrote:
>> On Mar 2, 2006, at 3:16 PM, Michael Radziej wrote:
>>> Now, did I miss something and is this already fixed? Should this be
>>> treated differently? How do other people handle this?

>> The problem in the admin was fixed in [1982]:
>> http://code.djangoproject.com/changeset/1982; in your own templates you'll
>> want to use the "escape" filter
>> (http://www.djangoproject.com/documentation/templates/#escape) on any
>> potentially dangerous entries.

>> Why not do it for all variables? At times you want to pass chunks of  
>> HTML into a template that get displayed raw.  I don't think the  
>> behavior you suggest should be default,

> maybe a stupid question, but why not?

<snip>

after i sent my response, i've read the original poster's mail (i should
have done it at the beginning) and i see that i'm just repeating his
words. i'm sorry.

gabor

