2007/12/10, oggie rob <[EMAIL PROTECTED]>:
>
> > * Escaping is solely and entirely a function of presenting data in HTML.
> > * As such, escaping belongs in the component of Django which handles
> > presentation of data in HTML.
> > * As such, the template layer is the correct place for this.
> All good arguments :)
>
> I'm frustrated that the template author doesn't have any detail on
> whether a variable should be trusted or not, but yeah, what you say is
> valid. So forms are not a reasonable place for this, and I think the
> escaping decision would be better closer to the view, but you get into
> issues there on an easy way to describe which fields are okay and
> which aren't.

The template author should only care about it if he's also the one who
works on views. Other than that, the programming person is always able
to mark some data as safe for output (for example some HTML coming
from RSS already parsed by BeautifulSoup) by encapsulating it in the
correct classes.

-- 
Patryk Zawadzki
PLD Linux Distribution
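
The division of labour discussed in this thread, as an added stand-alone sketch that is not part of the original message and is not Django's code: the view layer sanitizes feed HTML and wraps it in a marker class, and the template layer escapes everything that does not carry the marker. SafeHTML, sanitize_feed_html, render_variable and the tag allowlist are hypothetical names and values, and the standard-library HTML parser stands in for BeautifulSoup.

```python
import html
from html.parser import HTMLParser


class SafeHTML(str):
    """Marker type: the view asserts this string is already safe HTML."""


ALLOWED_TAGS = {"p", "b", "i", "em", "strong"}  # constructed allowlist


class _AllowlistSanitizer(HTMLParser):
    """Re-emits allowlisted tags only, with every attribute dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag in ALLOWED_TAGS and not self._skip:
            self.out.append(f"<{tag}>")  # attrs (onclick, href, ...) discarded

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif tag in ALLOWED_TAGS and not self._skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(html.escape(data))  # text nodes are always escaped


def sanitize_feed_html(raw):
    """View-layer step: sanitize third-party HTML, then mark the result safe."""
    parser = _AllowlistSanitizer()
    parser.feed(raw)
    parser.close()
    return SafeHTML("".join(parser.out))


def render_variable(value):
    """Template-layer step: escape unless the view marked the value safe."""
    if isinstance(value, SafeHTML):
        return str(value)
    return html.escape(str(value))
```

Concatenating a SafeHTML value with an ordinary string yields a plain str in this sketch, so the marker is lost and the result is escaped again, which fails closed.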
