> > > So if these built-in filters are marking my strings safe, in spite of
> > > unsafe data being passed in, should they not handle escaping as well?
> >
> > The problem seems to be that your filter function doesn't mark itself
> > with an is_safe attribute (defaulting it to False). So try marking
> > your filter with is_safe=True which means that your filter doesn't
> > introduce any HTML unsafe characters by itself (not including the ones
> > that are already in the input):
> >
> > filterxx.is_safe = True
> >
> > Also, it's easier for people to follow a discussion thread if you
> > don't top post your responses.
> >
> > -RD
>
> I don't think setting is_safe is the solution, in fact it sounds like
> the exact opposite.

It might sound confusing, but is_safe=True is a way for you to indicate to Django that your filter does not introduce any unwanted characters. See point #1 in the below doc for a more thorough explanation:

http://docs.djangoproject.com/en/dev/howto/custom-template-tags/#filters-and-auto-escaping

> Shabda *wants* Django to escape the results.

Here's an excerpt from the docs for that case:

"1. Your filter does not introduce any HTML-unsafe characters (<, >, ', " or &) into the result that were not already present. In this case, you can let Django take care of all the auto-escaping handling for you. All you need to do is put the is_safe attribute on your filter function and set it to True, like so:

This attribute tells Django that if a "safe" string is passed into your filter, the result will still be "safe" and if a non-safe string is passed in, Django will automatically escape it, if necessary."

-RD
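
The rule in the docs excerpt above, as an added example that is not part of the original message and is not Django's own code: a standard-library model showing that is_safe only preserves the "safe" status of input that was already safe, while non-safe input is still escaped at output. `SafeStr`, `apply_filter`, `render` and the three sample filters are hypothetical names, and the inputs are constructed.

```python
import html

class SafeStr(str):
    """Stand-in for a string already marked safe for HTML output."""

def apply_filter(func, value):
    """Run a filter under the rule quoted from the docs: the result is
    re-marked safe only when is_safe is True AND the input was safe."""
    result = func(value)
    if getattr(func, "is_safe", False) and isinstance(value, SafeStr):
        return SafeStr(result)
    return result

def render(value):
    """Auto-escaping at output: safe strings pass through, others are escaped."""
    if isinstance(value, SafeStr):
        return str(value)
    return html.escape(str(value))

def shout(value):
    # Adds only "!" and changes case: introduces no HTML-special characters.
    return value.upper() + "!"
shout.is_safe = True

def shout_unmarked(value):
    # Same body, no is_safe attribute (the default, False).
    return value.upper() + "!"

def arrow(value):
    # Adds "<" and ">" itself, so declaring is_safe here is a mislabel.
    return value + " <next>"
arrow.is_safe = True

# Constructed sample inputs.
UNTRUSTED = "<i>user text</i>"          # plain str, e.g. form input
TRUSTED = SafeStr("<b>site text</b>")   # already marked safe upstream

def demo():
    return {
        "marked, untrusted": render(apply_filter(shout, UNTRUSTED)),
        "marked, trusted": render(apply_filter(shout, TRUSTED)),
        "unmarked, trusted": render(apply_filter(shout_unmarked, TRUSTED)),
        "mislabelled, trusted": render(apply_filter(arrow, TRUSTED)),
    }

if __name__ == "__main__":
    for case, out in demo().items():
        print(f"{case:22} {out}")
```

The last case is the one to audit for in custom filters: a filter that adds `<`, `>`, `'`, `"` or `&` itself must not declare is_safe, because its additions reach the page unescaped whenever the input was already safe.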