I was hoping to get clarification on what security model we intend to support for template authors. In ticket #12772 <https://code.djangoproject.com/ticket/12772> it's proposed to allow loading template tags using a dotted Python path. This would allow template authors to trigger imports of anything on the Python path. I am not sure the requirement to add a template tag library to INSTALLED_APPS is a big burden these days (e.g. there is no more need to create an empty models.py file), but perhaps I don't fully understand the ticket's rationale for proposing these changes.
-- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/643fdee1-dbc2-4113-b564-aa2fd741a0ba%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
