Gábor Farkas wrote:
> Jacob Kaplan-Moss wrote:
>> On Mar 2, 2006, at 3:16 PM, Michael Radziej wrote:
>>> Now, did I miss something and is this already fixed? Should this be
>>> treated differently? How do other people handle this?
>>
>> The problem in the admin was fixed in [1982]:
>> http://code.djangoproject.com/changeset/1982; in your own templates you'll
>> want to use the "escape" filter
>> (http://www.djangoproject.com/documentation/templates/#escape)
>> on any potentially dangerous entries.
>>
>> Why not do it for all variables? At times you want to pass chunks of
>> HTML into a template that get displayed raw. I don't think the
>> behavior you suggest should be default,
>
> maybe a stupid question, but why not?
<snip>

after i sent my response, i've read the original poster's mail (i should have done it at the beginning) and i see that i'm just repeating his words. i'm sorry.

gabor