On Nov 16, 12:40 pm, ptone <pres...@ptone.com> wrote:
> On Nov 16, 1:12 am, Roald <downa...@gmail.com> wrote:
> > Can anybody explain why template tag libraries are loaded from
> > *inside* a template? The more I work with them, the more I get the
> > feeling that specifying which template tags are available in a
> > template should be specified in the view-code (or more general: the
> > thing that loads/renders the template).
>
> Such as a TemplateEngine...?
>
> This seems a good candidate feature
> for:https://code.djangoproject.com/ticket/17093
I fully agree with Luke, Stephen, and Russell that {% load %} tags in
the template are how templatetags should be loaded and made available
for use in that template, simply for reasons of clarity and
explicitness.
I do, however, think that the tight coupling we currently have between
INSTALLED_APPS and "what templatetag libraries are available for
load", while a reasonable default for an integrated framework, is an
unfortunate restriction on use of the template system, which I hope
can be lifted by #17093.
And I also don't agree that efforts to use the template language in a
"sandboxed" way are doomed to failure: if you can instantiate a
template instance with an explicitly-limited set of templatetag
libraries (which #17093 would allow), and you can control exactly what
data is put into the template context, I think you _can_ make
templates safe for untrusted use. Obviously it requires care.
Carl
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from this group, send email to
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.
