Hi, all. <imitates_radio>First time caller here.</imitates_radio>
On 6/14/06, Simon Willison <[EMAIL PROTECTED]> wrote: > In my opinion, there are three viable solutions: > > 1. auto_escape is on for ALL Django templates ALL the time. It may > well be too late to do this due to backwards compatibility concerns. > Another concern about this option, rather than just backwards compatibility, is that Django would be making assumptions about what I want to do with my data. I don't agree with the assumption in the parent that "most template variables should be escaped". Probably they should, but that's a debatable point, not a fact. One of the things I love about Django most, is that it doesn't make assumptions about what I want to do, at least not assumptions of this kind. It just gives me tools for doing what I want more efficiently. > 2. auto_escape is controlled in the Django template file itself. The > above example might become something like this: I think this is better. Then it's still my choice, but I'm capable of applying escaping more quickly and easily. It's about efficiency again. :-) Cheers, deryck -- Deryck Hodge http://www.devurandom.org/ http://www.samba.org/ "Aimless days, uncool ways of decathecting" --Mike Doughty (2005) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers -~----------~----~----~----~------~----~------~--~---
