I need to create a custom filter which displays some data from db depending on its data type.
My code is something like:

    from django.template.defaultfilters import linebreaks, urlize

    # Custom filter: linkify URLs in the value, then convert line breaks to HTML
    def filterxx(data):
        return linebreaks(urlize(data.value))

My data.value is

    Asdfghjkl <script>alert('hole')</script>

This is used in templates, and shows up unescaped, which allows users to run arbitrary scripts. What am I doing wrong?