On Oct 31, 8:28 am, Rajesh Dhawan <[EMAIL PROTECTED]> wrote:
> > > > So if these built-in filters are marking my strings safe, in spite of
> > > > unsafe data being passed in, should they not handle escaping as well?
>
> > > The problem seems to be that your filter function doesn't mark itself
> > > with an is_safe attribute (defaulting it to False). So try marking
> > > your filter with is_safe=True which means that your filter doesn't
> > > introduce any HTML unsafe characters by itself (not including the ones
> > > that are already in the input):
>
> > > filterxx.is_safe = True
>
> > > Also, it's easier for people to follow a discussion thread if you
> > > don't top post your responses.
>
> > > -RD
>
> > I don't think setting is_safe is the solution, in fact it sounds like
> > the exact opposite.
>
> It might sound confusing, but is_safe=True is a way for you to
> indicate to Django that your filter does not introduce any unwanted
> characters. See point #1 in the below doc for a more thorough
> explanation:
>
> http://docs.djangoproject.com/en/dev/howto/custom-template-tags/#filt...
>
> > Shabda *wants* Django to escape the results.
>
> Here's an excerpt from the docs for that case:
>
> "1. Your filter does not introduce any HTML-unsafe characters (<, >,
> ', " or &) into the result that were not already present. In this
> case, you can let Django take care of all the auto-escaping handling
> for you. All you need to do is put the is_safe attribute on your
> filter function and set it to True, like so:
>
> This attribute tells Django that if a "safe" string is passed into
> your filter, the result will still be "safe" and if a non-safe string
> is passed in, Django will automatically escape it, if necessary."
>
> -RD

But Shabda's example filter is calling urlize which does introduce
HTML unsafe characters.
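
An added example, not code from the thread or from Django: a simplified pure-Python model of the is_safe rule quoted above, applied to a filter that adds link markup of its own. `SafeStr`, `toy_urlize`, `render` and the three `linkify_*` filters are hypothetical stand-ins, and the sample input is constructed.

```python
import html
import re

class SafeStr(str):
    """Stand-in for a string marked safe: the output step will not escape it."""

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def toy_urlize(text):
    """Toy stand-in for urlize: wraps URLs in <a> tags, so it adds markup."""
    return URL_RE.sub(lambda m: '<a href="{0}">{0}</a>'.format(m.group(0)), text)

def render(filter_func, value):
    """Model of what {{ value|filter_func }} emits with auto-escaping on."""
    result = filter_func(value)
    # is_safe rule from the quoted docs: a safe input stays safe.
    if getattr(filter_func, "is_safe", False) and isinstance(value, SafeStr):
        result = SafeStr(result)
    # Anything still not marked safe is escaped on output.
    return result if isinstance(result, SafeStr) else html.escape(result)

def linkify_is_safe(value):
    """Adds <a> tags but claims is_safe, as suggested in the thread."""
    return toy_urlize(value)
linkify_is_safe.is_safe = True

def linkify_marks_safe(value):
    """Marks the urlized text safe without escaping the input first."""
    return SafeStr(toy_urlize(value))

def linkify_escaping(value):
    """Escapes untrusted input itself, adds its markup, then marks the result safe."""
    text = value if isinstance(value, SafeStr) else html.escape(value)
    return SafeStr(toy_urlize(text))

# Constructed sample input, treated as an untrusted (plain) string.
SAMPLE = "see http://example.com/ <script>alert(1)</script>"

if __name__ == "__main__":
    for f in (linkify_is_safe, linkify_marks_safe, linkify_escaping):
        print(f.__name__, "->", render(f, SAMPLE))
```

In this model the is_safe filter's own `<a>` tags are escaped into visible text along with the input, and the filter that marks its result safe without escaping passes the script tag through. Only the filter that escapes the input before adding its markup produces working links with the script tag neutralised.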