[Django] #35296: The autoescape parameter to Engine() seems to have no effect


Django

Mar 12, 2024, 3:23:15 PM
to django-...@googlegroups.com
#35296: The autoescape parameter to Engine() seems to have no effect
-------------------------------------------+------------------------
Reporter: Roman Donchenko | Owner: nobody
Type: Uncategorized | Status: new
Component: Template system | Version: 5.0
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------------+------------------------
The reference documentation for `django.template.Engine` says
[https://docs.djangoproject.com/en/5.0/ref/templates/api/#configuring-an-engine the following]:

* `autoescape` controls whether HTML autoescaping is enabled.
It defaults to `True`.

Based on this, I would expect the following to print `<>`:


{{{#!python
import django.template

# Engine created with autoescaping turned off
e = django.template.Engine(autoescape=False)
t = e.from_string('{{x}}')
print(t.render(django.template.Context({'x': '<>'})))
}}}

But it doesn't, it prints `&lt;&gt;`. So it seems that the `autoescape`
parameter does nothing.

Either the code should be updated to make the parameter work, or the docs
should explain what it actually does.
--
Ticket URL: <https://code.djangoproject.com/ticket/35296>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Mar 12, 2024, 4:16:52 PM
to django-...@googlegroups.com
Comment (by bcail):

I see the same result. It looks like the `Context` object has an
`autoescape` parameter (which defaults to True) - so that may sort of be
overriding the engine value. But, I'm not sure the engine value is always
checked where it should be.
--
Ticket URL: <https://code.djangoproject.com/ticket/35296#comment:1>

Django

Mar 12, 2024, 4:17:22 PM
to django-...@googlegroups.com
Changes (by bcail):

* cc: bcail (added)

--
Ticket URL: <https://code.djangoproject.com/ticket/35296#comment:2>