Re: Autoescaping: good time?

Fri, 03 Aug 2007 02:10:52 -0700 

On Thu, Aug 02, James Bennett wrote:

> 
> On 8/2/07, Todd O'Bryan <[EMAIL PROTECTED]> wrote:
> > Can this possibly be right? If I want to include a single variable that
> > includes some HTML (such as {{ form.as_table }}), do I have to turn off
> > auto-escaping for everything else in the page?
> 
> From the descriptions above -- of using the autoescape toggle in a
> base template to inherit through to every child template -- it seems
> that the only logical thing is for it to not be something which
> "expires" at the end of a block, but instead to apply to an entire
> template.
> 
> If I've misread that, somebody correct me.

Well, "autoescape" is not a setting, it builds a TemplateNode.

{% autoescape %} always needs an {% endautoescape %}, generating a node
during template parsing. Everything between {% autoescape %} and {%
endautoescape %} is put in its subnode list.

If a VariableNode is below an {% autoescape on %} in the template node tree,
autoescape is in effect, if it is below an {% autoescape off %}, it won't.
(Deepest autoescape node wins, of course.) 

So, it all depends on the node tree, and not at all on the template that
ultimately defines a block.



By the way, it is also possible to write templates that are completely
independent of the autoescape setting in effect without using any 
{% autoescape %} filter tag:

- Add an 'escape' filter to each variable that needs escaping 
  (and autoescape will *not* escape it another time)

- Add a 'safe' filter to all the other variables, and it will be marked
  as safe, so that autoescaping won't touch it.

This actually adds some documentation for any reviewer. 'safe' means:
"Hey, I haven't simply forgot escaping, I meant it!"


Michael

-- 
noris network AG - Deutschherrnstraße 15-19 - D-90429 Nürnberg -
Tel +49-911-9352-0 - Fax +49-911-9352-100
http://www.noris.de - The IT-Outsourcing Company
 
Vorstand: Ingo Kraupa (Vorsitzender), Joachim Astel, Hansjochen Klenk - 
Vorsitzender des Aufsichtsrats: Stefan Schnabel - AG Nürnberg HRB 17689

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to