Hi,
can I safely use the template engine to produce user configured output?
If I use the template engine like it is done in the RSSFeed:
title_tmp = Template('{% load i18n %}' + userInput)
ctx = Context({'dstart': date.dstart, ....
where userInput is something a user can fill in.
So far, the only point seems to be:
protect functions of objects one uses in the context, so nobody can delete
items or do something else...
Am I overlooking something?
regards
Henrik
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
