James Bennett wrote:
> On Sat, Apr 26, 2008 at 9:38 PM, Darryl Ross <[EMAIL PROTECTED]> wrote:
>> So my question is, is there an argument which will disable auto-escaping? If not, would there be some merit to adding some functionality that allows this, either as an argument or perhaps to make the auto-escaping only auto-escape if the template filename ends in '.html'?
>
> No, and probably not. One of the key things about Django's autoescaping is that, since it applies in the template, you can look at the template to find out what's going on. Introducing lots of other places where you'd need to look, transforming it from "look at the template to see if the autoescape tag or the safe filter are used" to "look at the template, then look at this argument, then look at this setting, then..." would be a disaster.

I can see your point, but I disagree for two reasons.

The first is that to find out what template is being used, you most likely need to look in the view for the urls file, so having an argument there is obvious. The auto-escaping based on file extension was just something I was throwing out there and I don't think it's a particularly good idea myself.

The second reason is that the auto-escaping was, correct me if I'm wrong, to help prevent cross-site vulnerabilities caused by browsers interpreting HTML. There are other uses for the templating besides generating content for browsers, such as sending emails and generating other files, like CSV or XML.
Regards Darryl
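
The point made in the quoted reply, that escaping opt-outs are visible in the template itself, means they can be audited mechanically. The following is an added example (not code from the thread or from Django) that scans template sources for `{% autoescape off %}` and the `safe`/`safeseq` filters; the sample templates and the `needs_review` triage rule are assumptions made for illustration.

```python
import re

# Template constructs that turn Django's autoescaping off (matched line by line).
PATTERNS = {
    "autoescape off": re.compile(r"\{%\s*autoescape\s+off\s*%\}"),
    "safe filter": re.compile(r"\{\{[^}]*\|\s*safe(seq)?\b[^}]*\}\}"),
}

# Constructed sample templates (name -> source), not taken from the thread.
TEMPLATES = {
    "welcome_email.txt": (
        "{% autoescape off %}\n"
        "Hello {{ name }},\n"
        "Your company: {{ company }}\n"
        "{% endautoescape %}\n"
    ),
    "profile.html": (
        "<h1>{{ name }}</h1>\n"
        "<div class=\"bio\">{{ bio|safe }}</div>\n"
    ),
    "listing.html": "<ul>{% for u in users %}<li>{{ u.name }}</li>{% endfor %}</ul>\n",
}

def find_optouts(name, source):
    """Return (template, line number, kind) for each escaping opt-out."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((name, lineno, kind))
    return findings

def audit(templates):
    """Scan every template and return all opt-outs, sorted by name and line."""
    findings = []
    for name, source in templates.items():
        findings.extend(find_optouts(name, source))
    return sorted(findings)

def needs_review(findings, html_suffixes=(".html", ".htm")):
    """Assumed triage rule: opt-outs in browser-facing templates get a human look."""
    return [f for f in findings if f[0].endswith(html_suffixes)]

if __name__ == "__main__":
    for name, lineno, kind in audit(TEMPLATES):
        print(f"{name}:{lineno}: {kind}")
```

The scan only sees what is written in the template; a value wrapped with `mark_safe` in Python code bypasses escaping without appearing here.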