On Tue, 2008-08-19 at 04:13 -0700, tom17 wrote:
> I developed something using the trunk, now we have a change in the
> requirement and we need to use the 0.96 version as the hosting service
> provider supports only the stable version. I know I have to change a
> lot of things,
> So what I want to ask is what is the alternative for
> {% autoescape off %}{{ abc.text|truncatewords:100 }}{% endautoescape
> %}
Since autoescaping doesn't exist in 0.96, nothing is autoescaped. In
other words, every template is rendered as if it was wrapped in {%
autoescape off %}...{% endautoescape %}.
What you do have to in 0.96 is make sure that every template displaying
data you got from a user at any point is run through the escape filter.
That will take a long time to change and require great attention to
detail (otherwise it's a security hole).
After doing that for any non-trivial site using HTML, you'll realise why
autoescaping was introduced. :-)
Regards,
Malcolm
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
