On Fri, 2006-07-14 at 16:45 +0100, Simon Willison wrote:
> On 14 Jul 2006, at 03:05, Malcolm Tredinnick wrote:
>
> > Is there any alternative to creating an escaped_unordered_list tag?
> > (Any better name for this tag? It's too long)
>
> Yes. Implementing the auto escape proposal.
>
> > [Note: useful responses to this question do not include "auto-escaping
> > would be nice". That is not the issue here and it gets tiring reading
> > it.]
>
> I would argue that it is the issue here - more specifically, the
> current auto_escape proposal is designed to tackle this exact
> problem, among others.

Simon,

Take it as given that I agree with your proposal. I've read it a number of times, thought about it, think it's great. No arguments from me.

I considered this a separate issue from auto-escaping because we need something *now* (admin has inadvertent security holes by default at the moment) and I thought there wasn't a real consensus around your proposal, so another response along these lines was not moving us any further from "problem" to "solution".

However, in the process of checking the older threads before responding this morning, I realised there was a fair consensus and the only real sticking point was "on by default" or "off by default", which is not a showstopper at the moment.

So, I've spent the afternoon implementing your proposal. I've ported about two thirds of the filters and a few of the tags so far, adding tests as I go. I'll stick the patch in a ticket when it's mostly done, which should be later this evening (Sydney time).

Just posting this now in case you decided to get keen and start working on this yourself this weekend. I'm not meaning to tread on any toes, but I want to get some of these problems fixed and leaving it for "somebody else" wasn't working.

Your response was basically saying stuff I already understood, but thanks for the boot in the butt anyway; it annoyed me enough to get me to work on the bigger problem.

Regards,
Malcolm