On Jun 21, 2006, at 9:29 PM, SmileyChris wrote:
> Out of interest, have you (both Jacob and anyone else involved in this
> discussion) seriously tried an auto-escaping templating system and had
> a problem with it opposing your needs?

At the risk of turning this into a war stories thread, I've had to deal with:

* a templating system that throws a hard error any time you try to output anything that looks like HTML, which the system seems to interpret as "anything with a '<', '>', or '&' in it"

* a so-called "security" layer that urlencodes (why? who knows...) every piece of GET or POST data (resulting in double-encoded content much of the time)

* HTML stored in a database as "&lt;a href=&quot;#link&smp;quot;&gt;" for reasons nobody could figure out

* and, yes, template systems that automatically escaped data.

Of course, the first three are *far* worse than the last one, but all lie on the continuum of automatically screwing with my data in the name of "safety".

Jacob