On Jun 21, 2006, at 8:35 PM, Todd O'Bryan wrote:
> Does there seem to be consensus out there among web frameworks about
> whether escape=default, raw=exception or raw=default,
> escape=exception?

Not really sure, myself -- my impression is that most web frameworks don't think about XSS all that hard at all (and just leave it up to developers to Do The Right Thing) but I'm not sure, really.

> I should be able to put
>
> {% auto_escape on %}
>
> blah blah blah
>
> {% auto_escape %}
>
> in the template that's the supertemplate of all templates and get the
> behavior I want by default in everything.

Yes, I agree -- I've never been against a template tag which does autoescape because that's still leaving power in the hands of the template authors.

Jacob