On 7/29/06, Malcolm Tredinnick <[EMAIL PROTECTED]> wrote:
> We are trying to keep the auto-escaping environment completely within
> the control of the template author.
Thanks.
This is really important as even a plain old HTML file can require
several different kinds of escaping in different part
James Bennett wrote:
> On 7/28/06, Roland van Laar <[EMAIL PROTECTED]> wrote:
> > Would it be better to couple it with the mimetype? A text/plain should
> > by default not be excaped.
>
> What would be *best* is for there to be no magical implied
> escaping/unescaping of anything, only explicit es
On 7/28/06, Roland van Laar <[EMAIL PROTECTED]> wrote:
> Would it be better to couple it with the mimetype? A text/plain should
> by default not be excaped.
What would be *best* is for there to be no magical implied
escaping/unescaping of anything, only explicit escaping/unescaping
based on a tem
On Jul 28, 2006, at 9:21 PM, Adrian Holovaty wrote:
>
> On 7/27/06, Simon Willison <[EMAIL PROTECTED]> wrote:
>> Here's an idea I don't think anyone has brought up yet: what if
>> escaping was on by default for templates ending in .html and off by
>> default for templates ending in .txt?
>
> I'm
On 7/27/06, Simon Willison <[EMAIL PROTECTED]> wrote:
> Here's an idea I don't think anyone has brought up yet: what if
> escaping was on by default for templates ending in .html and off by
> default for templates ending in .txt?
I'm not keen on coupling the template filename to the template
cont
On Jul 27, 2006, at 5:53 PM, Simon Willison wrote:
> Here's an idea I don't think anyone has brought up yet: what if
> escaping was on by default for templates ending in .html and off by
> default for templates ending in .txt?
>
> I'm not sure how I feel about this, seeing as we only recently made
On Fri, 2006-07-28 at 12:39 +0100, Bill de hÓra wrote:
> Deryck Hodge wrote:
> > On 7/27/06, Jeremy Dunck <[EMAIL PROTECTED]> wrote:
> >> Make a setting to turn define the default, and if the setting's not
> >> there, auto-escape.
> >> Anyone that doesn't want it can just turn it off by defining t
On 07/28/06 15:34, Ahmad Alhashemi wrote:
>
> Bill de hÓra wrote:
>> Scope it per template:
>>
>> {% extends "base_generic.html" %}
>> {% escape %}
>>
>> This lets people who want auto-escaping, have it, without typing in
>> "|escape" everywhere or screwing things up site wide with globals.
>
>
On 7/28/06, Jeremy Dunck <[EMAIL PROTECTED]> wrote:
> So, I'll hold my water until we hear back from Jacob et al.
>
I didn't mean to seem like I was saying "so shut up already". :-)
This just keeps coming up with the same arguments for and against over
and over again. My apologies if I seemed ha
Simon Willison wrote:
> Here's an idea I don't think anyone has brought up yet: what if
> escaping was on by default for templates ending in .html and off by
> default for templates ending in .txt?
This does seem like a practical solution. But I think that it gives
more meaning to template file n
On 7/27/06, Deryck Hodge <[EMAIL PROTECTED]> wrote:
>
> On 7/27/06, Jeremy Dunck <[EMAIL PROTECTED]> wrote:
> > Make a setting to turn define the default, and if the setting's not
> > there, auto-escape.
> > Anyone that doesn't want it can just turn it off by defining the setting.
> >
> > AUTO_ESC
On 28 Jul 2006, at 13:06, Todd O'Bryan wrote:
> What if we deprecated {{ }} and replaced it with an escape tag and a
> raw tag? It would keep backward compatibility, but would encourage
> people to use escaped strings unless they have a reason to use raw
> ones. I suppose we don't really have to
I must say I really like Luke's (I think it was Luke) idea of
different tags for escaping vs. auto-escaping.
What if we deprecated {{ }} and replaced it with an escape tag and a
raw tag? It would keep backward compatibility, but would encourage
people to use escaped strings unless they have
On 7/28/06, Bill de hÓra <[EMAIL PROTECTED]> wrote:
> Scope it per template:
>
> {% extends "base_generic.html" %}
> {% escape %}
>
> This lets people who want auto-escaping, have it, without typing in
> "|escape" everywhere or screwing things up site wide with globals.
Yeah. AFAIK that's pretty
Deryck Hodge wrote:
> On 7/27/06, Jeremy Dunck <[EMAIL PROTECTED]> wrote:
>> Make a setting to turn define the default, and if the setting's not
>> there, auto-escape.
>> Anyone that doesn't want it can just turn it off by defining the setting.
>>
>> AUTO_ESCAPE_TEXT = _True_|False
>
> This is th
On 7/27/06, Jeremy Dunck <[EMAIL PROTECTED]> wrote:
> Make a setting to turn define the default, and if the setting's not
> there, auto-escape.
> Anyone that doesn't want it can just turn it off by defining the setting.
>
> AUTO_ESCAPE_TEXT = _True_|False
This is the exact scenario that should be
On 7/27/06, Simon Willison <[EMAIL PROTECTED]> wrote:
> Here's an idea I don't think anyone has brought up yet: what if
> escaping was on by default for templates ending in .html and off by
> default for templates ending in .txt?
Make a setting to turn define the default, and if the setting's not
On 28 Jul 2006, at 01:50, Ahmad Alhashemi wrote:
> Default escaping couples the Django templates with HTML. I don't think
> that this is a good idea, even if HTML is, incidentally, the most
> commonly used language in templates, for the time being.
Here's an idea I don't think anyone has brough
Default escaping couples the Django templates with HTML. I don't think
that this is a good idea, even if HTML is, incidentally, the most
commonly used language in templates, for the time being.
--~--~-~--~~~---~--~~
You received this message because you are subscr
On Jul 27, 2006, at 3:22 PM, Simon Willison wrote:
> (Malcolm Tredinnick's patch looks like a really great bash at this;
> it's great that someone's taking the initiative and hammering out
> some code).
FYI, Malcom, Adrian and I spent some time talking this over today at
OSCON. Expect to see s
On 27 Jul 2006, at 21:01, Tom Tobin wrote:
> From what I recall of conversations on the subject, default behavior
> will not be changed to auto-escape. Auto-escaping, under whatever
> proposal is accepted, will require some form of action to enable.
I like to think that's not set in stone yet. T
On 7/27/06, Luke Plant <[EMAIL PROTECTED]> wrote:
>
> On Thursday 27 July 2006 19:47, Deryck Hodge wrote:
>
> > But how is remembering to do {! var !} any easier than remembering {{
> > var|escape }}? I think that's the issue most people had, that
> > escaping is easy to overlook.
>
> In my propo
On 7/27/06, Luke Plant <[EMAIL PROTECTED]> wrote:
>
> Unless I missed something, the default escaping proposal hasn't been
> committed. And I've had an idea that I don't think came up, that I
> thought was perhaps worth throwing into the mix.
>
> Basically, {{ }} does escaping automatically, a
On Thursday 27 July 2006 19:47, Deryck Hodge wrote:
> But how is remembering to do {! var !} any easier than remembering {{
> var|escape }}? I think that's the issue most people had, that
> escaping is easy to overlook.
In my proposal, if you do {{ var }} you are covered, so you don't have
to
On 7/27/06, Luke Plant <[EMAIL PROTECTED]> wrote:
>
> Unless I missed something, the default escaping proposal hasn't been
> committed. And I've had an idea that I don't think came up, that I
> thought was perhaps worth throwing into the mix.
>
> Basically, {{ }} does escaping automatically, a
Unless I missed something, the default escaping proposal hasn't been
committed. And I've had an idea that I don't think came up, that I
thought was perhaps worth throwing into the mix.
Basically, {{ }} does escaping automatically, and {! !} doesn't.
Of course, we can then argue about whe
26 matches
Mail list logo
