On 11/17/2011 02:51 PM, Luke Plant wrote:
> It's pretty easy to produce a DOS attack using only builtin template
> tags and filters, and a completely empty context e.g.:
>
> {% for a in "xxx"|make_list %}
> {% for a in "xxx"|
On 17/11/11 18:36, Carl Meyer wrote:
> I do, however, think that the tight coupling we currently have between
> INSTALLED_APPS and "what templatetag libraries are available for
> load", while a reasonable default for an integrated framework, is an
> unfortunate restriction on use of the template s
On Nov 16, 12:40 pm, ptone wrote:
> On Nov 16, 1:12 am, Roald wrote:
> > Can anybody explain why template tag libraries are loaded from
> > *inside* a template? The more I work with them, the more I get the
> > feeling that specifying which template tags are available in a
> > template should be
On Nov 17, 8:02 am, Stephen Burrows wrote:
> I second what Luke and Russ have already said.
>
> If what you're interested in is a way to securely allow users to enter
> template code into the database, you can just write a custom field
> that validates its input for security problems.
>
> Here's
On Nov 17, 12:05 am, Luke Plant wrote:
> From my perspective, putting the template tag libraries in the view is
> absolutely the wrong thing to do, for a number of reasons:
>
> 1) If I'm reading a template and come across a template tag I don't
> understand, I have to go and find the view it is ca
I second what Luke and Russ have already said.
If what you're interested in is a way to securely allow users to enter
template code into the database, you can just write a custom field
that validates its input for security problems.
Here's a third-party implementation of a validator for such a fi
On Wed, Nov 16, 2011 at 5:12 PM, Roald wrote:
> Hi all,
>
> Can anybody explain why template tag libraries are loaded from
> *inside* a template? The more I work with them, the more I get the
> feeling that specifying which template tags are available in a
> template should be specified in the vie
On 16/11/11 09:12, Roald wrote:
> Hi all,
>
> Can anybody explain why template tag libraries are loaded from
> *inside* a template? The more I work with them, the more I get the
> feeling that specifying which template tags are available in a
> template should be specified in the view-code (or mor
On Nov 16, 8:40 pm, ptone wrote:
> On Nov 16, 1:12 am, Roald wrote:
>
> > Hi all,
>
> > Can anybody explain why template tag libraries are loaded from
> > *inside* a template? The more I work with them, the more I get the
> > feeling that specifying which template tags are available in a
> > tem
On Nov 16, 1:12 am, Roald wrote:
> Hi all,
>
> Can anybody explain why template tag libraries are loaded from
> *inside* a template? The more I work with them, the more I get the
> feeling that specifying which template tags are available in a
> template should be specified in the view-code (or
Hi all,
Can anybody explain why template tag libraries are loaded from
*inside* a template? The more I work with them, the more I get the
feeling that specifying which template tags are available in a
template should be specified in the view-code (or more general: the
thing that loads/renders the
11 matches