Received: by 10.54.131.6 with SMTP id e6mr66083wrd;
Fri, 09 Jun 2006 06:35:46 -0700 (PDT)
Return-Path: <swilli...@gmail.com>
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.168])
by mx.googlegroups.com with ESMTP id v11si755453cwb.2006.06.09.06.35.45;
Fri, 09 Jun 2006 06:35:46 -0700 (PDT)
Received-SPF: pass (googlegroups.com: domain of swilli...@gmail.com designates 66.249.92.168 as permitted sender)
DomainKey-Status: good (test mode)
Received: by ug-out-1314.google.com with SMTP id m3so1193073uge
for <django-users@googlegroups.com>; Fri, 09 Jun 2006 06:35:45 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=beta; d=gmail.com;
h=received:mime-version:in-reply-to:references:content-type:message-id:content-transfer-encoding:from:subject:date:to:x-mailer;
b=mD3OY79X3pC3+d/jFSxzVhhsCdfkhWZkZhCedGCO1yrOd657EPIlK3ArbRw4CWsCgj7Wv+VXgqGlCL2aOQi/zXj6AbjNLNefgOLL2WXdkymadaCLni3Rr4E8t8cte36zgkgwx/MooYBYs6zhIvXqvL/pxuSPbQxCuD9nvx28hh8=
Received: by 10.78.20.13 with SMTP id 13mr875296hut;
Fri, 09 Jun 2006 06:35:45 -0700 (PDT)
Return-Path: <swilli...@gmail.com>
Received: from ?10.0.1.6? ( [217.12.2.148])
by mx.gmail.com with ESMTP id 8sm762227hug.2006.06.09.06.35.44;
Fri, 09 Jun 2006 06:35:44 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v750)
In-Reply-To: <1149858193.729965.187530@i39g2000cwa.googlegroups.com>
References: <1149858193.729965.187530@i39g2000cwa.googlegroups.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <3BBA5FD9-426F-4AC5-95AB-84629BB00165@gmail.com>
Content-Transfer-Encoding: 7bit
From: Simon Willison <swilli...@gmail.com>
Subject: Re: Global Escape
Date: Fri, 9 Jun 2006 14:35:01 +0100
To: django-users@googlegroups.com
X-Mailer: Apple Mail (2.750)
On 9 Jun 2006, at 14:03, Spock wrote:
> I've application where most of data is fetched from database.
> Those data are inserted by people without "trust", so in every
> template
>
> I'm using |escape filter ...so a question is :
>
> Is there is some method to enable global escape filter ? :)
I've been thinking about this recently, and I've come to the
conclusion that we might have missed a trick by not making ALL
replacement variables escaped by default (and including a var|raw
filter for the times when you don't want stuff to be escaped). It's
probably too late to change this now though.
One solution is to write your own custom Context class and use that.
The following code is unteste:
from django.template.context import Context
from django.utils.html import escape
class EscapedContext(Context):
def __getitem__(self, key):
value = super(Context, self)[key]
return escape(value)
You would also need to add your own 'unescape' custom template filter
that reverses the effects of escape for cases where you needed to do
that. Maybe unescape would be a useful addition to the default set of
template tags...
Cheers,
Simon
Message from discussion Global Escape
| Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy |
| ©2013 Google |