Dave, may I ask you to provide some proof of concept code in regards to this? It'll also make life a lot easier for you when submitting a bug report to the Django devs.
On Fri, Feb 18, 2011 at 2:22 PM, dave b <db.pub.m...@gmail.com> wrote:

> On 19 February 2011 01:19, Shawn Milochik <sh...@milochik.com> wrote:
> > Don't take my comment as a personal attack. I was just pointing out that injection attacks are one of those things we're all responsible for being aware of and not opening ourselves up to.
> >
> > To the extent that Django protects us from such things, it's generally to ensure that the boilerplate Django saves us from writing (by baking it in) is safe.
> >
> > My point is that using Django doesn't relieve us of the responsibility of knowing what we're doing.
> >
> > Shawn
>
> Oh how nice you sent this to me off the list?
>
> Ok great. How about you get off your damn high horse and settle with us mortals?
>
> Wait a second when I read your email it sounds like you accept the fact that people "should know what they are doing" ... but you didn't answer my question or _suggest_ that some minor note be added to the template documentation.
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/django-users?hl=en.