On Fri, 2006-07-28 at 12:39 +0100, Bill de hÓra wrote:
> Deryck Hodge wrote:
> > On 7/27/06, Jeremy Dunck <[EMAIL PROTECTED]> wrote:
> >> Make a setting to turn define the default, and if the setting's not
> >> there, auto-escape.
> >> Anyone that doesn't want it can just turn it off by defining the setting.
> >>
> >> AUTO_ESCAPE_TEXT = _True_|False
> >
> > This is the exact scenario that should be avoided most, which came up
> > last time this was discussed. What if I have all the apps on my site
> > without auto-escaping by default, but another person's app, which I
> > want to incorporate into my site, expects auto-escaping?
> >
> > Sure, there are workarounds, but a default setting that can be
> > toggled on or off is not a sane solution.
>
> Scope it per template:
>
> {% extends "base_generic.html" %}
> {% escape %}
>
> This lets people who want auto-escaping, have it, without typing in
> "|escape" everywhere or screwing things up site wide with globals.

This is exactly how it works (modulo slightly different terminology).
See the original explanation in
http://groups.google.com/group/django-developers/browse_thread/thread/7caeb86c04b81f10/931d5e0f65cc354b?lnk=gst&rnum=1#931d5e0f65cc354b

The discussion Jacob, Adrian and I had yesterday did not come up with
any conclusions that were vastly different from the initial patch I
wrote. So it's a pretty good reference for the next few days until I
finish it.

> Alternative, do it in the view code:
>
> def detail(request, poll_id):
>     p = get_object_or_404(Poll, pk=poll_id)
>     return render_to_response('detail.html', {'poll': p}, escape=True)

We are trying to keep the auto-escaping environment completely within
the control of the template author. This person may very well not be the
person writing the view and should have to go and track down said person
to find out the context they are operating in. Similarly, keeping this
control out of the views helps template reuse with different views.

For similar reasons -- and to avoid the counter-problem that the view
author has to know everything about the template -- we have ensured that
if a view passes in a safe string (one that requires no further
escaping) to a template and the template author applies the escape tag
to it, it will not be further escaped (there will be a force_escape
filter for when that is required).

Regards,
Malcolm
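
The behaviour described in the message above, modelled in a few lines of standard-library Python. This is an added example, not part of the original post and not Django's code. `SafeText`, `mark_safe`, `render` and the tiny `{{ name|filter }}` syntax are assumptions made for this sketch; only the `escape` and `force_escape` names come from the message.

```python
import html
import re

class SafeText(str):
    """Marker type (hypothetical name): a string needing no further HTML escaping."""

def mark_safe(s):
    """What a view would call on markup it has already made safe."""
    return SafeText(s)

def escape(value):
    """Escape once: a value already marked safe passes through unchanged."""
    if isinstance(value, SafeText):
        return value
    return SafeText(html.escape(str(value), quote=True))

def force_escape(value):
    """Always escape, even when the value is already marked safe."""
    return SafeText(html.escape(str(value), quote=True))

FILTERS = {"escape": escape, "force_escape": force_escape}
VAR = re.compile(r"\{\{\s*(\w+)((?:\|\w+)*)\s*\}\}")

def render(template, context, autoescape=False):
    """Fill {{ name|filter }} slots; autoescape is chosen per template, not by the view."""
    def substitute(match):
        value = context[match.group(1)]
        for name in filter(None, match.group(2).split("|")):
            value = FILTERS[name](value)
        if autoescape:
            value = escape(value)  # no-op for anything already marked safe
        return str(value)
    return VAR.sub(substitute, template)

# Constructed sample context: one untrusted string, one string the view marked safe.
CONTEXT = {
    "comment": "<script>alert(1)</script>",
    "widget": mark_safe("<b>bold</b>"),
}

if __name__ == "__main__":
    for tpl in ("{{ comment }}", "{{ comment|escape }}",
                "{{ widget }}", "{{ widget|force_escape }}"):
        print(tpl, "->", render(tpl, CONTEXT, autoescape=True))
```

With auto-escaping on, `{{ comment|escape }}` is escaped exactly once, the view's safe string is left alone, and only `force_escape` overrides the safe marker.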