Only a security hole in the sense that a template author could put the DB password onto the page (for example) if they were stupid or malicious, right?  I understand the desire to "protect" template authors from the full power of Python etc, but we don't believe they are untrusted, or do we?

--Ned.

James Bennett wrote:
> On 10/13/06, Ned Batchelder <[EMAIL PROTECTED]> wrote:
>> In my own context processor, I added 'settings' as the entire settings
>> module.  Then I can get settings.WHATEVER in the templates.  This solved our
>> problem of dribbling in individual settings as we needed them.  Any feelings
>> about doing that in a standard context?  Then there is no slippery slope, as
>> all of the settings are brought in at once.
>
> That opens up some potential security holes which I'm not certain
> could be worked around by just listing the "safe" settings.

-- 
Ned Batchelder, http://nedbatchelder.com
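
The two approaches discussed in this thread, side by side, as an added example that is not part of either message or of Django's own code. It assumes a constructed stand-in for the settings module; `SafeSettings`, `ALLOWED_IN_TEMPLATES` and `resolve` are hypothetical names, and `resolve` only imitates a template's dotted lookup.

```python
from types import SimpleNamespace

# Constructed stand-in for a project's settings module (all values made up).
settings = SimpleNamespace(
    SITE_NAME="Example Site",
    MEDIA_URL="/media/",
    DATABASE_PASSWORD="constructed-secret",
    SECRET_KEY="constructed-key",
)

# Hypothetical allow-list: names considered harmless to render on a page.
ALLOWED_IN_TEMPLATES = frozenset({"SITE_NAME", "MEDIA_URL"})


class SafeSettings:
    """Read-only view that exposes only allow-listed setting names."""

    def __init__(self, source, allowed):
        # Copy the values so the view keeps no reference to the full settings.
        self._values = {n: getattr(source, n) for n in allowed if hasattr(source, n)}

    def __getattr__(self, name):
        # Only reached when normal attribute lookup fails.
        try:
            return self.__dict__.get("_values", {})[name]
        except KeyError:
            raise AttributeError(name) from None


def settings_everything(request):
    # Pattern from the thread: the entire settings object enters the context.
    return {"settings": settings}


def settings_allowlisted(request):
    # Alternative: templates see only the allow-listed names.
    return {"settings": SafeSettings(settings, ALLOWED_IN_TEMPLATES)}


def resolve(context, dotted):
    """Imitation of a template's dotted lookup; missing names render as ''."""
    obj = context
    for part in dotted.split("."):
        try:
            obj = obj[part] if isinstance(obj, dict) else getattr(obj, part)
        except (KeyError, AttributeError):
            return ""
    return obj
```

An allow-list only controls which names are reachable; an allow-listed value that itself contains a credential is still rendered as-is.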
