Re: Why is my string not auto escaped?

2008-11-01 Thread Karen Tracey
On Wed, Oct 29, 2008 at 8:35 AM, shabda <[EMAIL PROTECTED]> wrote: > > I need to create a custom filter which displays some data from db > depending on its data type. > > My code is something like, > > from django.template.defaultfilters import linebreaks, urlize > > def filterxx(data) >

Re: Why is my string not auto escaped?

2008-11-01 Thread varikin
On Oct 31, 8:28 am, Rajesh Dhawan <[EMAIL PROTECTED]> wrote: > > > > So if these built in filters are marking my strings safe, inspite of > > > > unsafe data being passed in, should they not handle escaping as well? > > > > The problem seems to be that your filter function doesn't mark itself >

Re: Why is my string not auto escaped?

2008-10-31 Thread Rajesh Dhawan
> > > > So if these built in filters are marking my strings safe, inspite of > > > unsafe data being passed in, should they not handle escaping as well? > > > The problem seems to be that your filter function doesn't mark itself > > with an is_safe attribute (defaulting it to False). So try

Re: Why is my string not auto escaped?

2008-10-31 Thread varikin
On Oct 30, 6:58 am, Rajesh Dhawan <[EMAIL PROTECTED]> wrote: > On Oct 30, 1:30 am, shabda <[EMAIL PROTECTED]> wrote: > > > So if these built in filters are marking my strings safe, inspite of > > unsafe data being passed in, should they not handle escaping as well? > > The problem seems to be

Re: Why is my string not auto escaped?

2008-10-30 Thread Rajesh Dhawan
On Oct 30, 1:30 am, shabda <[EMAIL PROTECTED]> wrote: > So if these built in filters are marking my strings safe, inspite of > unsafe data being passed in, should they not handle escaping as well? The problem seems to be that your filter function doesn't mark itself with an is_safe attribute

Re: Why is my string not auto escaped?

2008-10-29 Thread shabda
So if these built in filters are marking my strings safe, inspite of unsafe data being passed in, should they not handle escaping as well? Rajesh Dhawan wrote: > On Oct 29, 8:35 am, shabda <[EMAIL PROTECTED]> wrote: > > I need to create a custom filter which displays some data from db > >

Re: Why is my string not auto escaped?

2008-10-29 Thread Rajesh Dhawan
On Oct 29, 8:35 am, shabda <[EMAIL PROTECTED]> wrote: > I need to create a custom filter which displays some data from db > depending on its data type. > > My code is something like, > > from django.template.defaultfilters import linebreaks, urlize > > def filterxx(data) > return

Why is my string not auto escaped?

2008-10-29 Thread shabda
I need to create a custom filter which displays some data from db depending on its data type. My code is something like, from django.template.defaultfilters import linebreaks, urlize def filterxx(data) return linebreaks(urlize(data.value)) My data.value is Asdfghjkl alert('hole') This