#1. Regarding templates, one of the arguments for the previous change was:
Django 1.8 worsens the situation significantly:
{% if request.user.is_authenticated %}
does the right thing in a Django template but is a security vulnerability
in a Jinja2 template!
#2. There was an inconsistency with the is_staff, is_active, is_superuser
attributes and is_anonymous, is_authenticated as methods. I'm not sure what
the inconsistency is with forms. Yes, there's an Form.is_bound property and
an is_multipart() method but I don't see a need to convert all is_*()
methods to properties.
In my mind, the security ramifications were the main reason for the
previous change, and I don't see those concerns here. Changing
Form.is_valid() to a property seems like it would cause much more
disruption across the Django ecosystem than the gain would be worth.
On Thursday, September 29, 2016 at 11:52:55 AM UTC-4, Sven R. Kunze wrote:
>
> Am Donnerstag, 29. September 2016 15:52:00 UTC+2 schrieb Tim Graham:
>>
>> I don't think the same argument applies because no one (I hope) is
>> calling form.is_valid() in templates.
>>
>
> Could you elaborate why this only plays a role with templates?
>
>
> So, as it turns out I ran grep on our code and easily found a place where
> the programmer missed the "()" after is_valid. Regarding templates, I found
> no occurrences of "is_valid" nor "has_changed" in our templates so far but
> this might have other reasons as we don't have a very long history of
> templates until recently. Additionally, what's so wrong about using either
> function in templates?
>
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/f544f62b-7129-4991-bfaf-ff51926358be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
