On 8/2/07, Todd O'Bryan <[EMAIL PROTECTED]> wrote:
> Can this possibly be right? If I want to include a single variable that
> includes some HTML (such as {{ form.as_table }}), do I have to turn off
> auto-escaping for everything else in the page?
No, it's not quite right. There's an autoescape controller block that
you use to unconditionally turn autoescaping on or off::
This {{ content }} will be autoescaped
since the default template rendering
will be in autoescape mode.
{% autoescape off %}
This {{ content }} will be *not* be {{ escaped }}.
Nor will the contents of this
{% block childblock %}{% endblock %}
{% autoescape on %}
This {{ content }} will be escaped.
{% endautoescape %}
{% endautoescape %}
There are also two template filters, ``raw`` and ``escape``. They both
*always* do the right thing, reguardless of which "mode" you're in.
Double escaping won't happen, and marking something as raw when
autoescape is off is a no-op.
Finally, if you write template tags/filter that return "safe" content
-- i.e. a markdown filter, or whatever -- you can mark the returned
strings as safe and they won't be escaped in any mode.
This is all there in the patch, FYI, but we'll need to be sure to
document it extremely clearly before it drops.
Jacob
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en
-~----------~----~----~----~------~----~------~--~---
